(RHSA-2008:0879) Critical: firefox security update

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062,
CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was displayed. A
web page containing specially crafted content could potentially trick a
Firefox user into surrendering sensitive information. (CVE-2008-4067,
CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web page
containing specially crafted JavaScript code could move the content window
while a mouse-button was pressed, causing any item under the pointer to be
dragged. This could, potentially, cause the user to perform an unsafe
drag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be stripped
from JavaScript code. This flaw could allow malicious JavaScript to bypass
or evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.2. You can find a link to the Mozilla
advisories in the References section.

All firefox users should upgrade to this updated package, which contains
backported patches that correct these issues.