Date: 15 March 2007
References: AL-2007.0028
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0170 -- [RedHat]
Critical: firefox security update
15 March 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: firefox
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux 5
Impact: Execute Arbitrary Code/Commands
Denial of Service
Provide Misleading Information
Cross-site Scripting
Read-only Data Access
Access: Remote/Unauthenticated
CVE Names: CVE-2007-0996 CVE-2007-0995 CVE-2007-0994
CVE-2007-0981 CVE-2007-0800 CVE-2007-0780
CVE-2007-0779 CVE-2007-0778 CVE-2007-0777
CVE-2007-0775 CVE-2007-0009 CVE-2007-0008
CVE-2006-6077
Ref: AL-2007.0028
Original Bulletin: https://rhn.redhat.com/errata/RHSA-2007-0097.html
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- - ---------------------------------------------------------------------
Red Hat Security Advisory
Synopsis: Critical: firefox security update
Advisory ID: RHSA-2007:0097-02
Advisory URL: https://rhn.redhat.com/errata/RHSA-2007-0097.html
Issue date: 2007-03-14
Updated on: 2007-03-14
Product: Red Hat Enterprise Linux
CVE Names: CVE-2006-6077 CVE-2007-0008 CVE-2007-0009
CVE-2007-0775 CVE-2007-0777 CVE-2007-0778
CVE-2007-0779 CVE-2007-0780 CVE-2007-0800
CVE-2007-0981 CVE-2007-0994 CVE-2007-0995
CVE-2007-0996
- - ---------------------------------------------------------------------
1. Summary:
Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64
RHEL Desktop Workstation (v. 5 client) - i386, x86_64
Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64
3. Problem description:
Mozilla Firefox is an open source Web browser.
Flaws were found in the way Firefox executed malformed JavaScript code. A
malicious web page could cause Firefox to crash or allow arbitrary code
to be executed as the user running Firefox. (CVE-2007-0775, CVE-2007-0777)
Cross-site scripting (XSS) flaws were found in Firefox. A malicious web
page could display misleading information, allowing a user to unknowingly
divulge sensitive information, such as a password. (CVE-2006-6077,
CVE-2007-0995, CVE-2007-0996)
A flaw was found in the way Firefox processed JavaScript contained in
certain tags. A malicious web page could cause Firefox to execute
JavaScript code with the privileges of the user running Firefox.
(CVE-2007-0994)
A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may have been able to inject arbitrary HTML into a
browsing session if the user reloaded a targeted site. (CVE-2007-0778)
Certain web content could overlay Firefox user interface elements such as
the hostname and security indicators. A malicious web page could trick a
user into thinking they were visiting a different site. (CVE-2007-0779)
Two flaws were found in Firefox's displaying of blocked popup windows. If a
user could be convinced to open a blocked popup, it was possible to read
arbitrary local files, or conduct a cross-site scripting attack against the
user.
(CVE-2007-0780, CVE-2007-0800)
Two buffer overflow flaws were found in the Network Security Services (NSS)
code for processing the SSLv2 protocol. Connecting to a malicious secure
web server could cause the execution of arbitrary code as the user running
Firefox. (CVE-2007-0008, CVE-2007-0009)
A flaw was found in the way Firefox handled the "location.hostname" value.
A malicious web page could set domain cookies for an arbitrary site, or
possibly perform a cross-site scripting attack. (CVE-2007-0981)
Users of Firefox are advised to upgrade to this erratum package, containing
Firefox version 1.5.0.10 which is not vulnerable to these issues.
4. Solution:
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188
5. Bug IDs fixed (http://bugzilla.redhat.com/):
230050 - CVE-2007-0775 Multiple Firefox flaws (CVE-2007-0777, CVE-2007-0994, CVE-2007-0995, CVE-2007-0996, CVE-2006-6077, CVE-2007-0778, CVE-2007-0779, CVE-2007-0780, CVE-2007-0800, CVE-2007-0008, CVE-2007-0009, CVE-2007-0981)
6. RPMs required:
Red Hat Enterprise Linux Desktop (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-10.0.1.el5.src.rpm
ecc6ccfcf4c2c08e941f72f5cfeaa55c devhelp-0.12-10.0.1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.10-2.el5.src.rpm
60cf3411d9e9b68bf0f25ac3541cf23a firefox-1.5.0.10-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/yelp-2.16.0-14.0.1.el5.src.rpm
56ce5fe3b3776b01fc7886f65ef1404b yelp-2.16.0-14.0.1.el5.src.rpm
i386:
0774d6e92c98fd2507952d9ce59ce891 devhelp-0.12-10.0.1.el5.i386.rpm
3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm
39b98bd5460439dbdd1f0c495028fd33 firefox-1.5.0.10-2.el5.i386.rpm
4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm
7ac3f70e9c5ba8e68a068946a66a3163 yelp-2.16.0-14.0.1.el5.i386.rpm
210a17a4c674ef1863bd30498fe91a38 yelp-debuginfo-2.16.0-14.0.1.el5.i386.rpm
x86_64:
0774d6e92c98fd2507952d9ce59ce891 devhelp-0.12-10.0.1.el5.i386.rpm
2c7791aad7d6e18b322f4834088f8708 devhelp-0.12-10.0.1.el5.x86_64.rpm
3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm
b3bf53bcbd8f5e4bc254196496831e74 devhelp-debuginfo-0.12-10.0.1.el5.x86_64.rpm
39b98bd5460439dbdd1f0c495028fd33 firefox-1.5.0.10-2.el5.i386.rpm
a0ffe472bf6a3c517d41f0dc8900af86 firefox-1.5.0.10-2.el5.x86_64.rpm
4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm
1ae549e2cab746aa1e2615a6b73c5e20 firefox-debuginfo-1.5.0.10-2.el5.x86_64.rpm
502e2b4dd68c59593652bf8f44d7dee4 yelp-2.16.0-14.0.1.el5.x86_64.rpm
0974ac1fd3c19e02765a750427efae46 yelp-debuginfo-2.16.0-14.0.1.el5.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/devhelp-0.12-10.0.1.el5.src.rpm
ecc6ccfcf4c2c08e941f72f5cfeaa55c devhelp-0.12-10.0.1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Client/en/os/SRPMS/firefox-1.5.0.10-2.el5.src.rpm
60cf3411d9e9b68bf0f25ac3541cf23a firefox-1.5.0.10-2.el5.src.rpm
i386:
3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm
ede028c4f35108e54ded794f91d4f82e devhelp-devel-0.12-10.0.1.el5.i386.rpm
4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm
c334841929aae1eb36a71772f51d89da firefox-devel-1.5.0.10-2.el5.i386.rpm
x86_64:
3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm
b3bf53bcbd8f5e4bc254196496831e74 devhelp-debuginfo-0.12-10.0.1.el5.x86_64.rpm
ede028c4f35108e54ded794f91d4f82e devhelp-devel-0.12-10.0.1.el5.i386.rpm
44f47bf9e6a7ecb39f7c907ca4a381d9 devhelp-devel-0.12-10.0.1.el5.x86_64.rpm
4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm
1ae549e2cab746aa1e2615a6b73c5e20 firefox-debuginfo-1.5.0.10-2.el5.x86_64.rpm
c334841929aae1eb36a71772f51d89da firefox-devel-1.5.0.10-2.el5.i386.rpm
5ba38c9a8e94ed9bb254e8b2010bdbbb firefox-devel-1.5.0.10-2.el5.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
SRPMS:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/devhelp-0.12-10.0.1.el5.src.rpm
ecc6ccfcf4c2c08e941f72f5cfeaa55c devhelp-0.12-10.0.1.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/firefox-1.5.0.10-2.el5.src.rpm
60cf3411d9e9b68bf0f25ac3541cf23a firefox-1.5.0.10-2.el5.src.rpm
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/os/SRPMS/yelp-2.16.0-14.0.1.el5.src.rpm
56ce5fe3b3776b01fc7886f65ef1404b yelp-2.16.0-14.0.1.el5.src.rpm
i386:
0774d6e92c98fd2507952d9ce59ce891 devhelp-0.12-10.0.1.el5.i386.rpm
3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm
ede028c4f35108e54ded794f91d4f82e devhelp-devel-0.12-10.0.1.el5.i386.rpm
39b98bd5460439dbdd1f0c495028fd33 firefox-1.5.0.10-2.el5.i386.rpm
4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm
c334841929aae1eb36a71772f51d89da firefox-devel-1.5.0.10-2.el5.i386.rpm
7ac3f70e9c5ba8e68a068946a66a3163 yelp-2.16.0-14.0.1.el5.i386.rpm
210a17a4c674ef1863bd30498fe91a38 yelp-debuginfo-2.16.0-14.0.1.el5.i386.rpm
ia64:
0543d59be616203f72d6b46b33051ac2 devhelp-0.12-10.0.1.el5.ia64.rpm
acab03e92aa6c9cf472218bd698859de devhelp-debuginfo-0.12-10.0.1.el5.ia64.rpm
f40918a968dd3425e534e589cda9b81b devhelp-devel-0.12-10.0.1.el5.ia64.rpm
f22781eca58556113552b288dd7fe76b firefox-1.5.0.10-2.el5.ia64.rpm
a6aaba32c9b8522a18526640c0f8d396 firefox-debuginfo-1.5.0.10-2.el5.ia64.rpm
56ea2d1debbf5c4d7a0f1ae3ebb3e741 firefox-devel-1.5.0.10-2.el5.ia64.rpm
250095927ac38854ab4b42a473a785f7 yelp-2.16.0-14.0.1.el5.ia64.rpm
5df4b3ff6b5cb315a97b7e7f7095cda8 yelp-debuginfo-2.16.0-14.0.1.el5.ia64.rpm
ppc:
576bd9205f61c07a8328ac3309c3cccd devhelp-0.12-10.0.1.el5.ppc.rpm
dcaf49587708080277a2f10b346babd5 devhelp-debuginfo-0.12-10.0.1.el5.ppc.rpm
57b04a6c88b63d1227129f1509ecf8ae devhelp-devel-0.12-10.0.1.el5.ppc.rpm
266c896a44c5818506058d3f43fb510a firefox-1.5.0.10-2.el5.ppc.rpm
6dd9e1c3f0743ec8fb388f601badebcf firefox-debuginfo-1.5.0.10-2.el5.ppc.rpm
81d6fd77e467137a6383ebd75aac7c38 firefox-devel-1.5.0.10-2.el5.ppc.rpm
cdd89632e1d496fdc00db638bbb85297 yelp-2.16.0-14.0.1.el5.ppc.rpm
9a033f9605570160561823425b547720 yelp-debuginfo-2.16.0-14.0.1.el5.ppc.rpm
s390x:
92415d0cd192d89b829d5cea4957ffd3 devhelp-0.12-10.0.1.el5.s390.rpm
249086f31984ef20db1edcc668769c64 devhelp-0.12-10.0.1.el5.s390x.rpm
dc724a4361cb4dd66381b4d82059c8d1 devhelp-debuginfo-0.12-10.0.1.el5.s390.rpm
97a65832a3dd2f76723e0d5d9b6a6d1f devhelp-debuginfo-0.12-10.0.1.el5.s390x.rpm
3c659c50b265f059367e3572d5dc908c devhelp-devel-0.12-10.0.1.el5.s390.rpm
8821c3e5f96844a0563ba7a773925ea4 devhelp-devel-0.12-10.0.1.el5.s390x.rpm
0c8ef9a9f6246dd277247fedcf65e2ef firefox-1.5.0.10-2.el5.s390.rpm
1f2fc90bc59dc42e3068fb358aec67bd firefox-1.5.0.10-2.el5.s390x.rpm
108ef308488056b3df8feb04fc535cee firefox-debuginfo-1.5.0.10-2.el5.s390.rpm
539070e0ca79c624a07230ee7058aff7 firefox-debuginfo-1.5.0.10-2.el5.s390x.rpm
1364113945647fd64b1d2b2b42a40d52 firefox-devel-1.5.0.10-2.el5.s390.rpm
eda1b9d310aeeb22821a0c807794349c firefox-devel-1.5.0.10-2.el5.s390x.rpm
73bb10b49cc143dce64fafea46b74081 yelp-2.16.0-14.0.1.el5.s390x.rpm
00255312f531140dee6d191dcffbce34 yelp-debuginfo-2.16.0-14.0.1.el5.s390x.rpm
x86_64:
0774d6e92c98fd2507952d9ce59ce891 devhelp-0.12-10.0.1.el5.i386.rpm
2c7791aad7d6e18b322f4834088f8708 devhelp-0.12-10.0.1.el5.x86_64.rpm
3acf940cc0301234390c98632c69da11 devhelp-debuginfo-0.12-10.0.1.el5.i386.rpm
b3bf53bcbd8f5e4bc254196496831e74 devhelp-debuginfo-0.12-10.0.1.el5.x86_64.rpm
ede028c4f35108e54ded794f91d4f82e devhelp-devel-0.12-10.0.1.el5.i386.rpm
44f47bf9e6a7ecb39f7c907ca4a381d9 devhelp-devel-0.12-10.0.1.el5.x86_64.rpm
39b98bd5460439dbdd1f0c495028fd33 firefox-1.5.0.10-2.el5.i386.rpm
a0ffe472bf6a3c517d41f0dc8900af86 firefox-1.5.0.10-2.el5.x86_64.rpm
4b0e34c319d80574f720840a04be6716 firefox-debuginfo-1.5.0.10-2.el5.i386.rpm
1ae549e2cab746aa1e2615a6b73c5e20 firefox-debuginfo-1.5.0.10-2.el5.x86_64.rpm
c334841929aae1eb36a71772f51d89da firefox-devel-1.5.0.10-2.el5.i386.rpm
5ba38c9a8e94ed9bb254e8b2010bdbbb firefox-devel-1.5.0.10-2.el5.x86_64.rpm
502e2b4dd68c59593652bf8f44d7dee4 yelp-2.16.0-14.0.1.el5.x86_64.rpm
0974ac1fd3c19e02765a750427efae46 yelp-debuginfo-2.16.0-14.0.1.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://www.redhat.com/security/team/key/#package
7. References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0009
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0778
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0996
http://www.redhat.com/security/updates/classification/#critical
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://www.redhat.com/security/team/contact/
Copyright 2007 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.4 (GNU/Linux)
iD8DBQFF+BaiXlSAg2UNWIIRAokoAKCzszdtoga3C9d8uXtAegi72gD44QCgvMdN
uRs95KjG0jL0EmzKD2qQ1Kg=
=SSdn
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRfinkyh9+71yA2DNAQJEYAP/UbaiH6ItowM/LsWl7d6SEUUF8Mrv9R+s
rERheYqxwSTRmpypGQHkcXSGFzOw550xQ/6fMFWY4RT6ImkzNtQVoC3jv90Bf5qL
IdKvpbJ5hDfDpuJesTdAZXxS6C1b8BhLOsJc4NPZVM1zLKsFjIM4KdCRPnDJx0Qa
BZmf439hUts=
=myC2
-----END PGP SIGNATURE-----
|