_______________________________________________________________________
Package : firefox
Date : July 30, 2009
Affected: Enterprise Server 5.0
_______________________________________________________________________
Problem Description:

Security vulnerabilities have been discovered and corrected in Mozilla
Firefox 3.0.x:

Several flaws in the Firefox browser and JavaScript engine could allow
a malicious site to cause a denial of service or possibly remote code
execution (CVE-2009-1392, CVE-2009-1832, CVE-2009-1833, CVE-2009-1837,
CVE-2009-1838, CVE-2009-1841, CVE-2009-2043, CVE-2009-2044).

Several flaws were discovered in Firefox which could lead to
information disclosure and security bypass (CVE-2009-1834,
CVE-2009-1835, CVE-2009-1836, CVE-2009-1839, CVE-2009-1840).

Several flaws were discovered in the Firefox browser and
JavaScript engines, which could allow a malicious website to
cause a denial of service or possibly execute arbitrary code with
user privileges. (CVE-2009-2462, CVE-2009-2463, CVE-2009-2464,
CVE-2009-2465, CVE-2009-2466, CVE-2009-2468)

Attila Suszter discovered a flaw in the way Firefox processed
Flash content, which could cause a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-2467)

It was discovered that Firefox did not properly handle some
SVG content, which could lead to a denial of service or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2009-2469)

A flaw was discovered in the JavaScript engine which could be used
to perform cross-site scripting attacks. (CVE-2009-2472)

This update provides the latest Mozilla Firefox 3.0.x to correct
these issues.

Additionally, some packages that require it have been rebuilt and
are being provided as updates.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1392
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1832
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1833
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1834
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1835
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1836
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1837
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1838
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1839
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1840
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1841
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2043
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2044
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2061
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2065
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2462
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2463
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2464
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2465
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2466
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2467
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2468
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2469
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-2472
http://www.mozilla.org/security/known-v ... efox3.0.12
_______________________________________________________________________