History: Nov 09, 2006 - 9:11 p.m.

firefox security update

2006-11-09 21:11:25
CentOS Project
lists.centos.org

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.46 Medium
Percentile: 97.4%

CentOS Errata and Security Advisory CESA-2006:0733

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processes certain malformed
JavaScript code. A malicious web page could cause the execution of
JavaScript code in such a way that could cause Firefox to crash or execute
arbitrary code as the user running Firefox. (CVE-2006-5463, CVE-2006-5747,
CVE-2006-5748)

Several flaws were found in the way Firefox renders web pages. A malicious
web page could cause the browser to crash or possibly execute arbitrary
code as the user running Firefox. (CVE-2006-5464)

A flaw was found in the way Firefox verifies RSA signatures. For RSA keys
with exponent 3 it is possible for an attacker to forge a signature that
would be incorrectly verified by the NSS library. Firefox as shipped trusts
several root Certificate Authorities that use exponent 3. An attacker could
have created a carefully crafted SSL certificate which would be incorrectly
trusted when their site was visited by a victim. This flaw was previously
thought to be fixed in Firefox 1.5.0.7; however, Ulrich Kuehn discovered the
fix was incomplete. (CVE-2006-5462)

Users of Firefox are advised to upgrade to these erratum packages, which
contain Firefox version 1.5.0.8 that corrects these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2006-November/075540.html
https://lists.centos.org/pipermail/centos-announce/2006-November/075543.html
https://lists.centos.org/pipermail/centos-announce/2006-November/075544.html
https://lists.centos.org/pipermail/centos-announce/2006-November/075559.html

Affected packages:
firefox

Upstream details at:
https://access.redhat.com/errata/RHSA-2006:0733
