_______________________________________________________________________
Package : firefox
Date : September 20, 2009
Affected: 2009.0, 2009.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Security issues were identified and fixed in firefox 3.0.x:
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 3.0.14 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors (CVE-2009-3069, CVE-2009-3070,
CVE-2009-3071, CVE-2009-3072).
Multiple unspecified vulnerabilities in the JavaScript engine in
Mozilla Firefox before 3.0.14 allow remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (CVE-2009-3073,
CVE-2009-3074, CVE-2009-3075).
Mozilla Firefox before 3.0.14 does not properly implement
certain dialogs associated with the (1) pkcs11.addmodule and (2)
pkcs11.deletemodule operations, which makes it easier for remote
attackers to trick a user into installing or removing an arbitrary
PKCS11 module (CVE-2009-3076).
Mozilla Firefox before 3.0.14 does not properly manage pointers for the
columns (aka TreeColumns) of a XUL tree element, which allows remote
attackers to execute arbitrary code via a crafted HTML document,
related to a dangling pointer vulnerability (CVE-2009-3077).
Visual truncation vulnerability in Mozilla Firefox before 3.0.14
allows remote attackers to trigger a vertical scroll and spoof URLs
via unspecified Unicode characters with a tall line-height property
(CVE-2009-3078).
Unspecified vulnerability in Mozilla Firefox before 3.0.14 allows
remote attackers to execute arbitrary JavaScript with chrome
privileges via vectors involving an object, the FeedWriter, and the
BrowserFeedWriter (CVE-2009-3079).
This update provides the latest Mozilla Firefox 3.0.x to correct
these issues.
Additionally, some packages that require it have been rebuilt and
are being provided as updates.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3069
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3070
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3071
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3072
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3073
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3074
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3075
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3076
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3077
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3078
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-3079
http://www.mozilla.org/security/known-v ... efox3.0.14
_______________________________________________________________________