Oval Definition:oval:com.redhat.rhsa:def:20080978
Revision Date:2008-11-13Version:639
Title:RHSA-2008:0978: firefox security update (Critical)
Description:Mozilla Firefox is an open source Web browser.

  • Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-0017, CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019, CVE-2008-5021)

  • Several flaws were found in the way malformed content was processed. A web site containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023, CVE-2008-5024)

  • A flaw was found in the way Firefox opened "file:" URIs. If a file: URI was loaded in the same tab as a chrome or privileged "about:" page, the file: URI could execute arbitrary code with the permissions of the user running Firefox. (CVE-2008-5015)

    For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.4. You can find a link to the Mozilla advisories in the References section.

    All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2008-0017
    CVE-2008-5014
    CVE-2008-5015
    CVE-2008-5016
    CVE-2008-5017
    CVE-2008-5018
    CVE-2008-5019
    CVE-2008-5021
    CVE-2008-5022
    CVE-2008-5023
    CVE-2008-5024
    CVE-2008-5052
    RHSA-2008:0978
    RHSA-2008:0978-01
    RHSA-2008:0978-01
    Platform(s):Red Hat Enterprise Linux 4
    Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 4 is installed
  • AND
  • firefox is earlier than 0:3.0.4-1.el4
  • AND firefox is signed with Red Hat redhatrelease2 key
  • nss is earlier than 0:3.12.1.1-3.el4
  • AND nss is signed with Red Hat redhatrelease2 key
  • nss-devel is earlier than 0:3.12.1.1-3.el4
  • AND nss-devel is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • firefox is earlier than 0:3.0.4-1.el5
  • AND firefox is signed with Red Hat redhatrelease2 key
  • xulrunner is earlier than 0:1.9.0.4-1.el5
  • AND xulrunner is signed with Red Hat redhatrelease2 key
  • xulrunner-devel is earlier than 0:1.9.0.4-1.el5
  • AND xulrunner-devel is signed with Red Hat redhatrelease2 key
  • xulrunner-devel-unstable is earlier than 0:1.9.0.4-1.el5
  • AND xulrunner-devel-unstable is signed with Red Hat redhatrelease2 key
  • nss is earlier than 0:3.12.1.1-3.el5
  • AND nss is signed with Red Hat redhatrelease2 key
  • nss-devel is earlier than 0:3.12.1.1-3.el5
  • AND nss-devel is signed with Red Hat redhatrelease2 key
  • nss-pkcs11-devel is earlier than 0:3.12.1.1-3.el5
  • AND nss-pkcs11-devel is signed with Red Hat redhatrelease2 key
  • nss-tools is earlier than 0:3.12.1.1-3.el5
  • AND nss-tools is signed with Red Hat redhatrelease2 key
  • devhelp is earlier than 0:0.12-20.el5
  • AND devhelp is signed with Red Hat redhatrelease2 key
  • devhelp-devel is earlier than 0:0.12-20.el5
  • AND devhelp-devel is signed with Red Hat redhatrelease2 key
  • yelp is earlier than 0:2.16.0-22.el5
  • AND yelp is signed with Red Hat redhatrelease2 key
  • BACK