Oval Definition:oval:com.redhat.rhsa:def:20070724
Revision Date:2008-03-20Version:637
Title:RHSA-2007:0724: firefox security update (Critical)
Description:Mozilla Firefox is an open source Web browser.

  • Several flaws were found in the way Firefox processed certain malformed JavaScript code. A web page containing malicious JavaScript code could cause Firefox to crash or potentially execute arbitrary code as the user running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

  • Several content injection flaws were found in the way Firefox handled certain JavaScript code. A web page containing malicious JavaScript code could inject arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089)

  • A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-3656)

    Users of Firefox are advised to upgrade to these erratum packages, which contain backported patches that correct these issues.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2007-3089
    CVE-2007-3656
    CVE-2007-3734
    CVE-2007-3735
    CVE-2007-3736
    CVE-2007-3737
    CVE-2007-3738
    RHSA-2007:0724
    RHSA-2007:0724-02
    RHSA-2007:0724-02
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND firefox is earlier than 0:1.5.0.12-0.3.el4
  • AND firefox is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND firefox is earlier than 0:1.5.0.12-3.el5
  • AND firefox is signed with Red Hat redhatrelease2 key
    • BACK