Security Advisory Critical: firefox security update

Advisory: RHSA-2010:0808-1
Type: Security Advisory
Severity: Critical
Issued on: 2010-10-27
Last updated on: 2010-10-27
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux AS (v. 4.8.z)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux ES (v. 4.8.z)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2010-3765

Details

An updated firefox package that fixes one security issue is now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Mozilla Firefox is an open source web browser.

A race condition flaw was found in the way Firefox handled Document Object
Model (DOM) element properties. A web page containing malicious content
could cause Firefox to crash or, potentially, execute arbitrary code with
the privileges of the user running Firefox. (CVE-2010-3765)

For technical details regarding this flaw, refer to the Mozilla security
advisories for Firefox 3.6.12. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to this updated package, which contains a
backported patch to correct this issue. After installing the update,
Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
firefox-3.6.11-4.el4_8.src.rpm
File outdated by:  RHSA-2012:0142
 
IA-32:
firefox-3.6.11-4.el4_8.i386.rpm
File outdated by:  RHSA-2012:0142
 
x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
File outdated by:  RHSA-2012:0142
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
firefox-3.6.11-4.el4_8.src.rpm
File outdated by:  RHSA-2012:0142
 
IA-32:
firefox-3.6.11-4.el4_8.i386.rpm
File outdated by:  RHSA-2012:0142
 
IA-64:
firefox-3.6.11-4.el4_8.ia64.rpm
File outdated by:  RHSA-2012:0142
 
PPC:
firefox-3.6.11-4.el4_8.ppc.rpm
File outdated by:  RHSA-2012:0142
 
s390:
firefox-3.6.11-4.el4_8.s390.rpm
File outdated by:  RHSA-2012:0142
 
s390x:
firefox-3.6.11-4.el4_8.s390x.rpm
File outdated by:  RHSA-2012:0142
 
x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
File outdated by:  RHSA-2012:0142
 
Red Hat Enterprise Linux AS (v. 4.8.z)

SRPMS:
firefox-3.6.11-4.el4_8.src.rpm
File outdated by:  RHSA-2012:0142
 
IA-32:
firefox-3.6.11-4.el4_8.i386.rpm
File outdated by:  RHSA-2011:0885
 
IA-64:
firefox-3.6.11-4.el4_8.ia64.rpm
File outdated by:  RHSA-2011:0885
 
PPC:
firefox-3.6.11-4.el4_8.ppc.rpm
File outdated by:  RHSA-2011:0885
 
s390:
firefox-3.6.11-4.el4_8.s390.rpm
File outdated by:  RHSA-2011:0885
 
s390x:
firefox-3.6.11-4.el4_8.s390x.rpm
File outdated by:  RHSA-2011:0885
 
x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:0885
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
firefox-3.6.11-4.el4_8.src.rpm
File outdated by:  RHSA-2012:0142
 
IA-32:
firefox-3.6.11-4.el4_8.i386.rpm
File outdated by:  RHSA-2012:0142
 
IA-64:
firefox-3.6.11-4.el4_8.ia64.rpm
File outdated by:  RHSA-2012:0142
 
x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
File outdated by:  RHSA-2012:0142
 
Red Hat Enterprise Linux ES (v. 4.8.z)

SRPMS:
firefox-3.6.11-4.el4_8.src.rpm
File outdated by:  RHSA-2012:0142
 
IA-32:
firefox-3.6.11-4.el4_8.i386.rpm
File outdated by:  RHSA-2011:0885
 
IA-64:
firefox-3.6.11-4.el4_8.ia64.rpm
File outdated by:  RHSA-2011:0885
 
x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
File outdated by:  RHSA-2011:0885
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
firefox-3.6.11-4.el4_8.src.rpm
File outdated by:  RHSA-2012:0142
 
IA-32:
firefox-3.6.11-4.el4_8.i386.rpm
File outdated by:  RHSA-2012:0142
 
IA-64:
firefox-3.6.11-4.el4_8.ia64.rpm
File outdated by:  RHSA-2012:0142
 
x86_64:
firefox-3.6.11-4.el4_8.x86_64.rpm
File outdated by:  RHSA-2012:0142
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

646997 - CVE-2010-3765 Firefox race condition flaw (MFSA 2010-73)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/