Basic search

K
centosCentOS ProjectCESA-2008:0103
HistoryFeb 08, 2008 - 7:18 p.m.

firefox security update

2008-02-0819:18:05
CentOS Project
lists.centos.org
48

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.162 Low

EPSS

Percentile

95.8%

CentOS Errata and Security Advisory CESA-2008:0103

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
(CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419)

Several flaws were found in the way Firefox displayed malformed web
content. A webpage containing specially-crafted content could trick a user
into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593)

A flaw was found in the way Firefox stored password data. If a user saves
login information for a malicious website, it could be possible to corrupt
the password database, preventing the user from properly accessing saved
password data. (CVE-2008-0417)

A flaw was found in the way Firefox handles certain chrome URLs. If a user
has certain extensions installed, it could allow a malicious website to
steal sensitive session data. Note: this flaw does not affect a default
installation of Firefox. (CVE-2008-0418)

A flaw was found in the way Firefox saves certain text files. If a
website offers a file of type “plain/text”, rather than “text/plain”,
Firefox will not show future “text/plain” content to the user in the
browser, forcing them to save those files locally to view the content.
(CVE-2008-0592)

Users of firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-February/076825.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076826.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076831.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076832.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076837.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076839.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076840.html
https://lists.centos.org/pipermail/centos-announce/2008-February/076843.html

Affected packages:
firefox
firefox-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0103

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.162 Low

EPSS

Percentile

95.8%

Related for CESA-2008:0103