_______________________________________________________________________
Package : firefox
Date : June 17, 2009
Affected: 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
Security vulnerabilities have been discovered and corrected in Mozilla
Firefox 3.x:
CVE-2009-1392: Firefox browser engine crashes
CVE-2009-1832: Firefox double frame construction flaw
CVE-2009-1833: Firefox JavaScript engine crashes
CVE-2009-1834: Firefox URL spoofing with invalid unicode characters
CVE-2009-1835: Firefox Arbitrary domain cookie access by local file:
resources
CVE-2009-1836: Firefox SSL tampering via non-200 responses to proxy
CONNECT requests
CVE-2009-1837: Firefox Race condition while accessing the private
data of a NPObject JS wrapper class object
CVE-2009-1838: Firefox arbitrary code execution flaw
CVE-2009-1839: Firefox information disclosure flaw
CVE-2009-1840: Firefox XUL scripts skip some security checks
CVE-2009-1841: Firefox JavaScript arbitrary code execution
CVE-2009-2043: firefox - remote TinyMCE denial of service
CVE-2009-2044: firefox - remote GIF denial of service
CVE-2009-2061: firefox - man-in-the-middle exploit
CVE-2009-2065: firefox - man-in-the-middle exploit
This update provides the latest Mozilla Firefox 3.x to correct
these issues.
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1392
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1832
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1833
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1834
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1835
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1836
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1837
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1838
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1839
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1840
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1841
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2043
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2044
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2061
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2065
http://www.mozilla.org/security/known-v ... efox3.0.11
_______________________________________________________________________
[ MDVSA-2009:134 ] firefox
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2009:134 ] firefox
Kirjoittaja dude67 » 17 Kesä 2009, 20:43
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 28 vierailijaa