Table of Contents
Advertisement
Several flaws were found in the processing of malformed web content. A web page containing
malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox.
Two flaws were found in the way certain content was processed. An attacker could use these flaws
to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted
JavaScript.
(CVE-2009-3988
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18.
You can find a link to the Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18,
which corrects these issues. After installing the update, Firefox must be restarted for the changes to
take effect.
1.54.2. RHSA-2009:1674: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:1674
errata
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise
Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response
Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment
for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web page containing
malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox.
A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If
an attacker could trick a local user that has NTLM credentials into visiting a specially-crafted web
page, they could send arbitrary requests, authenticated with the user's NTLM credentials, to other
applications on the user's system.
A flaw was found in the way Firefox displayed the SSL location bar indicator. An attacker could create
an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they
are visiting a secure page.
356
https://www.redhat.com/security/data/cve/CVE-2010-0159.html
357
https://www.redhat.com/security/data/cve/CVE-2010-0160.html
358
https://www.redhat.com/security/data/cve/CVE-2009-3988.html
359
https://www.redhat.com/security/data/cve/CVE-2010-0162.html
361
https://www.redhat.com/security/data/cve/CVE-2009-3979.html
362
https://www.redhat.com/security/data/cve/CVE-2009-3981.html
363
https://www.redhat.com/security/data/cve/CVE-2009-3986.html
364
https://www.redhat.com/security/data/cve/CVE-2009-3983.html
365
https://www.redhat.com/security/data/cve/CVE-2009-3984.html
356
CVE-2010-0160
(CVE-2010-0159
,
358
359
CVE-2010-0162
,
360
361
CVE-2009-3981
(CVE-2009-3979
,
(CVE-2009-3983
365
(CVE-2009-3984
)
RHSA-2009:1674: Critical security update
357
)
)
362
CVE-2009-3986
,
364
)
363
)
57
Advertisement
Table of Contents
Related Manuals for Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES
Related Products for Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES
- Red Hat APPLICATION SERVER - JONAS
- Red Hat APPLICATION STACK 1.1 RELEASE
- Red Hat APPLICATION STACK 1.2 RELEASE
- Red Hat APPLICATION STACK 1.3 RELEASE
- Red Hat APPLICATION STACK 1.4 RELEASE
- Red Hat APPLICATION STACK 2.0 RELEASE
- Red Hat APPLICATION STACK 2.1 RELEASE
- Red Hat APPLICATION STACK 2.2 RELEASE