RedHatRHSA-2007:0097(RHSA-2007:0097) Critical: firefox security update
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%
Mozilla Firefox is an open source Web browser.
Flaws were found in the way Firefox executed malformed JavaScript code. A
malicious web page could cause Firefox to crash or allow arbitrary code
to be executed as the user running Firefox. (CVE-2007-0775, CVE-2007-0777)
Cross-site scripting (XSS) flaws were found in Firefox. A malicious web
page could display misleading information, allowing a user to unknowingly
divulge sensitive information, such as a password. (CVE-2006-6077,
CVE-2007-0995, CVE-2007-0996)
A flaw was found in the way Firefox processed JavaScript contained in
certain tags. A malicious web page could cause Firefox to execute
JavaScript code with the privileges of the user running Firefox.
(CVE-2007-0994)
A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may have been able to inject arbitrary HTML into a
browsing session if the user reloaded a targeted site. (CVE-2007-0778)
Certain web content could overlay Firefox user interface elements such as
the hostname and security indicators. A malicious web page could trick a
user into thinking they were visiting a different site. (CVE-2007-0779)
Two flaws were found in Firefox’s displaying of blocked popup windows. If a
user could be convinced to open a blocked popup, it was possible to read
arbitrary local files, or conduct a cross-site scripting attack against the
user.
(CVE-2007-0780, CVE-2007-0800)
Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Firefox. (CVE-2007-0008, CVE-2007-0009)
A flaw was found in the way Firefox handled the “location.hostname” value.
A malicious web page could set domain cookies for an arbitrary site, or
possibly perform a cross-site scripting attack. (CVE-2007-0981)
Users of Firefox are advised to upgrade to this erratum package, containing
Firefox version 1.5.0.10 which is not vulnerable to these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 5 | ia64 | firefox-devel | < 1.5.0.10-2.el5 | firefox-devel-1.5.0.10-2.el5.ia64.rpm |
| RedHat | 5 | src | yelp | < 2.16.0-14.0.1.el5 | yelp-2.16.0-14.0.1.el5.src.rpm |
| RedHat | 5 | s390 | devhelp | < 0.12-10.0.1.el5 | devhelp-0.12-10.0.1.el5.s390.rpm |
| RedHat | 5 | x86_64 | devhelp | < 0.12-10.0.1.el5 | devhelp-0.12-10.0.1.el5.x86_64.rpm |
| RedHat | 5 | i386 | firefox-devel | < 1.5.0.10-2.el5 | firefox-devel-1.5.0.10-2.el5.i386.rpm |
| RedHat | 5 | ia64 | yelp | < 2.16.0-14.0.1.el5 | yelp-2.16.0-14.0.1.el5.ia64.rpm |
| RedHat | 5 | s390x | devhelp-devel | < 0.12-10.0.1.el5 | devhelp-devel-0.12-10.0.1.el5.s390x.rpm |
| RedHat | 5 | x86_64 | devhelp-devel | < 0.12-10.0.1.el5 | devhelp-devel-0.12-10.0.1.el5.x86_64.rpm |
| RedHat | 5 | s390 | devhelp-devel | < 0.12-10.0.1.el5 | devhelp-devel-0.12-10.0.1.el5.s390.rpm |
| RedHat | 5 | src | devhelp | < 0.12-10.0.1.el5 | devhelp-0.12-10.0.1.el5.src.rpm |
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.972 High
EPSS
Percentile
99.8%