(RHSA-2010:0558) Critical: firefox security update

2010-07-2300:00:00

access.redhat.com

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.28 Low

EPSS

Percentile

96.3%

JSON

Mozilla Firefox is an open source web browser.

An invalid free flaw was found in Firefox’s plugin handler. Malicious web
content could result in an invalid memory pointer being freed, causing Firefox
to crash or, potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2010-2755)

All Firefox users should upgrade to these updated packages, which contain a
backported patch that corrects this issue. After installing the update, Firefox
must be restarted for the changes to take effect.

OSVersionArchitecturePackageVersionFilename
RedHat4i386firefox< 3.6.7-3.el4firefox-3.6.7-3.el4.i386.rpm
RedHat4ia64firefox< 3.6.7-3.el4firefox-3.6.7-3.el4.ia64.rpm
RedHat4x86_64firefox< 3.6.7-3.el4firefox-3.6.7-3.el4.x86_64.rpm
RedHat4s390firefox< 3.6.7-3.el4firefox-3.6.7-3.el4.s390.rpm
RedHat4s390xfirefox< 3.6.7-3.el4firefox-3.6.7-3.el4.s390x.rpm
RedHat4srcfirefox< 3.6.7-3.el4firefox-3.6.7-3.el4.src.rpm
RedHat4ppcfirefox< 3.6.7-3.el4firefox-3.6.7-3.el4.ppc.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	4	i386	firefox	< 3.6.7-3.el4	firefox-3.6.7-3.el4.i386.rpm
RedHat	4	ia64	firefox	< 3.6.7-3.el4	firefox-3.6.7-3.el4.ia64.rpm
RedHat	4	x86_64	firefox	< 3.6.7-3.el4	firefox-3.6.7-3.el4.x86_64.rpm
RedHat	4	s390	firefox	< 3.6.7-3.el4	firefox-3.6.7-3.el4.s390.rpm
RedHat	4	s390x	firefox	< 3.6.7-3.el4	firefox-3.6.7-3.el4.s390x.rpm
RedHat	4	src	firefox	< 3.6.7-3.el4	firefox-3.6.7-3.el4.src.rpm
RedHat	4	ppc	firefox	< 3.6.7-3.el4	firefox-3.6.7-3.el4.ppc.rpm