Oval Definition:oval:com.redhat.rhsa:def:20070400
Revision Date:2007-05-31Version:636
Title:RHSA-2007:0400: firefox security update (Critical)
Description:Mozilla Firefox is an open source Web browser.

  • Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-2867, CVE-2007-2868)

  • A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's firewall. (CVE-2007-1562)

  • Several denial of service flaws were found in the way Firefox handled certain form and cookie data. A malicious web site that is able to set arbitrary form and cookie data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

  • A flaw was found in the way Firefox handled the addEventListener JavaScript method. A malicious web site could use this method to access or modify sensitive data from another web site. (CVE-2007-2870)

  • A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content that would overlay user interface elements such as the hostname and security indicators, tricking users into thinking they are visiting a different site. (CVE-2007-2871)

    Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.12 that corrects these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-1362
    CVE-2007-1562
    CVE-2007-2867
    CVE-2007-2868
    CVE-2007-2869
    CVE-2007-2870
    CVE-2007-2871
    RHSA-2007:0400
    RHSA-2007:0400-02
    RHSA-2007:0400-02
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND firefox is earlier than 0:1.5.0.12-0.1.el4
  • AND firefox is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • devhelp is earlier than 0:0.12-11.el5
  • AND devhelp is signed with Red Hat redhatrelease2 key
  • devhelp-devel is earlier than 0:0.12-11.el5
  • AND devhelp-devel is signed with Red Hat redhatrelease2 key
  • firefox is earlier than 0:1.5.0.12-1.el5
  • AND firefox is signed with Red Hat redhatrelease2 key
  • yelp is earlier than 0:2.16.0-15.el5
  • AND yelp is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 4 is installed
  • AND firefox is earlier than 0:1.5.0.12-0.1.el4
  • AND firefox is signed with Red Hat master key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • devhelp is earlier than 0:0.12-11.el5
  • AND devhelp is signed with Red Hat redhatrelease key
  • devhelp-devel is earlier than 0:0.12-11.el5
  • AND devhelp-devel is signed with Red Hat redhatrelease key
  • firefox is earlier than 0:1.5.0.12-1.el5
  • AND firefox is signed with Red Hat redhatrelease key
  • firefox-devel is earlier than 0:1.5.0.12-1.el5
  • AND firefox-devel is signed with Red Hat redhatrelease key
  • yelp is earlier than 0:2.16.0-15.el5
  • AND yelp is signed with Red Hat redhatrelease key
    • BACK