Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual page 68

Chapter 1. Package Updates
A flaw was found in the way Firefox displayed blank pages after a user navigates to an invalid
address. If a user visits an attacker-controlled web page that results in a blank page, the attacker
could inject content into that blank page, possibly tricking the user into believing they are viewing a
legitimate page. (CVE-2009-3985
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.16.
You can find a link to the Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.16,
which corrects these issues. After installing the update, Firefox must be restarted for the changes to
take effect.
1.54.3. RHSA-2009:1530: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security
RHSA-2009:1530
errata
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise
Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response
Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment
for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR).
A flaw was found in the way Firefox handles form history. A malicious web page could steal saved
form data by synthesizing input events, causing the browser to auto-fill form fields (which could then
be read by an attacker).
A flaw was found in the way Firefox creates temporary file names for downloaded files. If a local
attacker knows the name of a file Firefox is going to download, they can replace the contents of that
file with arbitrary contents.
A flaw was found in the Firefox Proxy Auto-Configuration (PAC) file processor. If Firefox loads a
malicious PAC file, it could crash Firefox or, potentially, execute arbitrary code with the privileges of the
user running Firefox. (CVE-2009-3372
A heap-based buffer overflow flaw was found in the Firefox GIF image processor. A malicious GIF
image could crash Firefox or, potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2009-3373
A heap-based buffer overflow flaw was found in the Firefox string to floating point conversion routines.
A web page containing malicious JavaScript could crash Firefox or, potentially, execute arbitrary code
with the privileges of the user running Firefox.
366
https://www.redhat.com/security/data/cve/CVE-2009-3985.html
368
https://www.redhat.com/security/data/cve/CVE-2009-3370.html
369
https://www.redhat.com/security/data/cve/CVE-2009-3274.html
370
https://www.redhat.com/security/data/cve/CVE-2009-3372.html
371
https://www.redhat.com/security/data/cve/CVE-2009-3373.html
372
https://www.redhat.com/security/data/cve/CVE-2009-1563.html
58
366
)
367
368
(CVE-2009-3370 )
369
(CVE-2009-3274 )
370
)
371
)
(CVE-2009-1563
372
)