(RHSA-2009:0397) Critical: firefox security update

2009-03-2700:00:00

access.redhat.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.96 High

EPSS

Percentile

99.3%

JSON

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A memory corruption flaw was discovered in the way Firefox handles XML
files containing an XSLT transform. A remote attacker could use this flaw
to crash Firefox or, potentially, execute arbitrary code as the user
running Firefox. (CVE-2009-1169)

A flaw was discovered in the way Firefox handles certain XUL garbage
collection events. A remote attacker could use this flaw to crash Firefox
or, potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1044)

For technical details regarding these flaws, refer to the Mozilla security
advisories. You can find a link to the Mozilla advisories in the References
section of this errata.

Firefox users should upgrade to these updated packages, which resolve these
issues. For Red Hat Enterprise Linux 4, they contain backported patches to
the firefox package. For Red Hat Enterprise Linux 5, they contain
backported patches to the xulrunner packages. After installing the update,
Firefox must be restarted for the changes to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat4srcfirefox< 3.0.7-3.el4firefox-3.0.7-3.el4.src.rpm
RedHat5s390xxulrunner-devel-unstable< 1.9.0.7-3.el5xulrunner-devel-unstable-1.9.0.7-3.el5.s390x.rpm
RedHat5x86_64xulrunner-devel< 1.9.0.7-3.el5xulrunner-devel-1.9.0.7-3.el5.x86_64.rpm
RedHat4i386firefox< 3.0.7-3.el4firefox-3.0.7-3.el4.i386.rpm
RedHat5srcxulrunner< 1.9.0.7-3.el5xulrunner-1.9.0.7-3.el5.src.rpm
RedHat4ia64firefox< 3.0.7-3.el4firefox-3.0.7-3.el4.ia64.rpm
RedHat4x86_64firefox< 3.0.7-3.el4firefox-3.0.7-3.el4.x86_64.rpm
RedHat5ppcxulrunner-devel-unstable< 1.9.0.7-3.el5xulrunner-devel-unstable-1.9.0.7-3.el5.ppc.rpm
RedHat4ppcfirefox< 3.0.7-3.el4firefox-3.0.7-3.el4.ppc.rpm
RedHat5ia64xulrunner-devel< 1.9.0.7-3.el5xulrunner-devel-1.9.0.7-3.el5.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	4	src	firefox	< 3.0.7-3.el4	firefox-3.0.7-3.el4.src.rpm
RedHat	5	s390x	xulrunner-devel-unstable	< 1.9.0.7-3.el5	xulrunner-devel-unstable-1.9.0.7-3.el5.s390x.rpm
RedHat	5	x86_64	xulrunner-devel	< 1.9.0.7-3.el5	xulrunner-devel-1.9.0.7-3.el5.x86_64.rpm
RedHat	4	i386	firefox	< 3.0.7-3.el4	firefox-3.0.7-3.el4.i386.rpm
RedHat	5	src	xulrunner	< 1.9.0.7-3.el5	xulrunner-1.9.0.7-3.el5.src.rpm
RedHat	4	ia64	firefox	< 3.0.7-3.el4	firefox-3.0.7-3.el4.ia64.rpm
RedHat	4	x86_64	firefox	< 3.0.7-3.el4	firefox-3.0.7-3.el4.x86_64.rpm
RedHat	5	ppc	xulrunner-devel-unstable	< 1.9.0.7-3.el5	xulrunner-devel-unstable-1.9.0.7-3.el5.ppc.rpm
RedHat	4	ppc	firefox	< 3.0.7-3.el4	firefox-3.0.7-3.el4.ppc.rpm
RedHat	5	ia64	xulrunner-devel	< 1.9.0.7-3.el5	xulrunner-devel-1.9.0.7-3.el5.ia64.rpm