_______________________________________________________________________
Package : firefox
Date : July 30, 2009
Affected: 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
Security vulnerabilities have been discovered and corrected in Mozilla
Firefox 3.0.x:
Several flaws were discovered in the Firefox browser and
JavaScript engines, which could allow a malicious website to
cause a denial of service or possibly execute arbitrary code with
user privileges. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464,
CVE-2009-2465, CVE-2009-2466, CVE-2009-2468, CVE-2009-2471)
Attila Suszter discovered a flaw in the way Firefox processed
Flash content, which could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-2467)
It was discovered that Firefox did not properly handle some
SVG content, which could lead to a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-2469)
A flaw was discovered in the JavaScript engine which could be used
to perform cross-site scripting attacks. (CVE-2009-2472)
This update provides the latest Mozilla Firefox 3.0.x to correct
these issues.
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2462
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2463
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2464
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2465
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2466
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2467
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2468
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2469
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2472
http://www.mozilla.org/security/known-v ... efox3.0.12
_______________________________________________________________________
[ MDVSA-2009:182 ] firefox
Ensimmäinen lukematon viesti • 1 viesti
• Sivu 1/1
[ MDVSA-2009:182 ] firefox
Kirjoittaja dude67 » 01 Elo 2009, 11:23
1. Mageia-1 KDE4 x86_64 (& Win7 Pro) | desktop
2. Mageia-2 KDE4 (& Win7 Home Premium) | laptop Acer 7530
3. Mageia-1 KDE4 (& Win7 Starter) | Samsung NC-10 miniläppäri
4. Mageia-1 KDE4 | serverinä toimiva desktop
Luotettavaa Linux käyttöä jo Mandriva 2006.0:sta lähtien
-
dude67 - Site Admin
- Viestit: 2256
- Liittynyt: 27 Syys 2007, 16:58
- Paikkakunta: Espoo
1 viesti
• Sivu 1/1
Paluu Mandrivan turvallisuustiedotteet
Paikallaolijat
Käyttäjiä lukemassa tätä aluetta: Ei rekisteröityneitä käyttäjiä ja 18 vierailijaa