Red Hat ENTERPRISE LINUX 5.5 - TECHNICAL NOTES Manual page 69


A flaw was found in the way Firefox handles text selection. A malicious website may be able to read highlighted text in a different domain (e.g. another website the user is viewing), bypassing the same-origin policy. (CVE-2009-3375 [373])

A flaw was found in the way Firefox displays a right-to-left override character when downloading a file. In these cases, the name displayed in the title bar differs from the name displayed in the dialog body. An attacker could use this flaw to trick a user into downloading a file that has a file name or extension that differs from what the user expected. (CVE-2009-3376 [374])

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3374 [375], CVE-2009-3380 [376], CVE-2009-3382 [377])

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.15. You can find a link to the Mozilla advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.15, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

1.54.4. RHSA-2009:1430: Critical security update

Important
This update has already been released (prior to the GA of this release) as the security errata RHSA-2009:1430 [378]

Updated firefox packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. nspr provides the Netscape Portable Runtime (NSPR).

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3070 [379], CVE-2009-3071 [380], CVE-2009-3072 [381], CVE-2009-3074 [382], CVE-2009-3075 [383])

A use-after-free flaw was found in Firefox. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2009-3077 [384])

[373] https://www.redhat.com/security/data/cve/CVE-2009-3375.html
[374] https://www.redhat.com/security/data/cve/CVE-2009-3376.html
[375] https://www.redhat.com/security/data/cve/CVE-2009-3374.html
[376] https://www.redhat.com/security/data/cve/CVE-2009-3380.html
[377] https://www.redhat.com/security/data/cve/CVE-2009-3382.html
[379] https://www.redhat.com/security/data/cve/CVE-2009-3070.html
[380] https://www.redhat.com/security/data/cve/CVE-2009-3071.html
[381] https://www.redhat.com/security/data/cve/CVE-2009-3072.html
[382] https://www.redhat.com/security/data/cve/CVE-2009-3074.html
[383] https://www.redhat.com/security/data/cve/CVE-2009-3075.html
[384] https://www.redhat.com/security/data/cve/CVE-2009-3077.html
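The right-to-left override flaw described above (CVE-2009-3376) comes down to a file name whose stored character order differs from what is shown on screen. The following Python check is an added example, not code from Red Hat or Mozilla: it flags such names before they reach a user, and goes beyond the single override character to cover the other Unicode bidirectional controls. The function names, the simplified rendering model and the sample file name are assumptions made for illustration.

```python
import unicodedata

RLO, PDF = "\u202e", "\u202c"
# Unicode bidirectional formatting characters: embeddings, overrides,
# isolates and directional marks. None belong in a download file name.
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069\u200e\u200f\u061c")


def _ext(name):
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def approx_visual(name):
    """Approximate on-screen order for otherwise left-to-right text.

    Simplification of the Unicode Bidirectional Algorithm (an assumption of
    this example): text after an RLO is shown reversed until a PDF or the end.
    """
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            run = [c for c in name[i + 1:end] if c not in BIDI_CONTROLS]
            out.append("".join(reversed(run)))
            i = end + 1
        else:
            if name[i] not in BIDI_CONTROLS:
                out.append(name[i])
            i += 1
    return "".join(out)


def inspect_filename(name):
    """Report bidi controls in a file name and the extension mismatch they cause."""
    controls = [(i, unicodedata.name(c)) for i, c in enumerate(name) if c in BIDI_CONTROLS]
    logical = "".join(c for c in name if c not in BIDI_CONTROLS)
    return {
        "suspicious": bool(controls),
        "controls": controls,
        "logical_ext": _ext(logical),              # what the system acts on
        "visual_ext": _ext(approx_visual(name)),   # what the user is likely to read
        "escaped": "".join(f"<U+{ord(c):04X}>" if c in BIDI_CONTROLS else c for c in name),
    }


# Constructed sample: stored as "photo" + RLO + "gnp.txt", reads as "phototxt.png".
SAMPLE = "photo\u202egnp.txt"

if __name__ == "__main__":
    for key, value in inspect_filename(SAMPLE).items():
        print(f"{key}: {value}")
```

Showing the `escaped` form in logs and prompts keeps the control character visible instead of letting it reorder the text.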
