Red Hat Product Errata RHSA-2007:0724 - Security Advisory
Issued:
2007-07-18
Updated:
2007-12-04

RHSA-2007:0724 - Security Advisory

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated firefox packages that fix several security bugs are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code. A web page containing malicious JavaScript code could
cause Firefox to crash or potentially execute arbitrary code as the user
running Firefox. (CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way Firefox handled
certain JavaScript code. A web page containing malicious JavaScript code
could inject arbitrary content into other web pages. (CVE-2007-3736,
CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-3656)

Users of Firefox are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 248518 - CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734 CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)

Red Hat Enterprise Linux Server 5

SRPM
firefox-1.5.0.12-3.el5.src.rpm SHA-256: 597464f35cb6a598448b56523e4466c09569f346b329e4f640e480f0a96d5802
x86_64
firefox-1.5.0.12-3.el5.i386.rpm SHA-256: d178769b0ba984cd70c28300315d75316cbdda558c36cc20f8bf240ffbe93063
firefox-1.5.0.12-3.el5.x86_64.rpm SHA-256: d03734fc4fd8ccde0dff337e27fd5281aa1f63c52a3ef2983df0a07ff22ef578
firefox-devel-1.5.0.12-3.el5.i386.rpm SHA-256: d27431d78ec58783f3c68f79cf25754ff48c48dd608f7a9b2c668bb7e406b41d
firefox-devel-1.5.0.12-3.el5.x86_64.rpm SHA-256: 8d487ce7f595b2491fba2a6088a4266737e08989696d7764ea052076032f684d
ia64
firefox-1.5.0.12-3.el5.ia64.rpm SHA-256: 05b1b0c74fce88e35aa7c6273426bcb6ca0bfeb0105298c74fd370ce23a14a2e
firefox-devel-1.5.0.12-3.el5.ia64.rpm SHA-256: f0aeddbbf5a1d47c6844314f00685af227fbb83557f0322198dabbb53c7f1648
i386
firefox-1.5.0.12-3.el5.i386.rpm SHA-256: d178769b0ba984cd70c28300315d75316cbdda558c36cc20f8bf240ffbe93063
firefox-devel-1.5.0.12-3.el5.i386.rpm SHA-256: d27431d78ec58783f3c68f79cf25754ff48c48dd608f7a9b2c668bb7e406b41d

Red Hat Enterprise Linux Server 4

SRPM
firefox-1.5.0.12-0.3.el4.src.rpm SHA-256: d0bee522221b7af0da3546ec7070eacad3dc4e27554e5ad8f2111e0b10cd8461
x86_64
firefox-1.5.0.12-0.3.el4.x86_64.rpm SHA-256: ff92c2244843799b4194b58a9f71c70cdfd877dd85ee371ab65af62f726ec416
firefox-1.5.0.12-0.3.el4.x86_64.rpm SHA-256: ff92c2244843799b4194b58a9f71c70cdfd877dd85ee371ab65af62f726ec416
ia64
firefox-1.5.0.12-0.3.el4.ia64.rpm SHA-256: 85d3ae3fad448f2769d6f1a54f3014e98888720cf55a7dce32b910853a128c39
firefox-1.5.0.12-0.3.el4.ia64.rpm SHA-256: 85d3ae3fad448f2769d6f1a54f3014e98888720cf55a7dce32b910853a128c39
i386
firefox-1.5.0.12-0.3.el4.i386.rpm SHA-256: 28877d5130bfceeaec63c6191a4e729a229454e717b5967db68411d24d7b8463
firefox-1.5.0.12-0.3.el4.i386.rpm SHA-256: 28877d5130bfceeaec63c6191a4e729a229454e717b5967db68411d24d7b8463

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.5

SRPM
firefox-1.5.0.12-0.3.el4.src.rpm SHA-256: d0bee522221b7af0da3546ec7070eacad3dc4e27554e5ad8f2111e0b10cd8461
x86_64
firefox-1.5.0.12-0.3.el4.x86_64.rpm SHA-256: ff92c2244843799b4194b58a9f71c70cdfd877dd85ee371ab65af62f726ec416
firefox-1.5.0.12-0.3.el4.x86_64.rpm SHA-256: ff92c2244843799b4194b58a9f71c70cdfd877dd85ee371ab65af62f726ec416
ia64
firefox-1.5.0.12-0.3.el4.ia64.rpm SHA-256: 85d3ae3fad448f2769d6f1a54f3014e98888720cf55a7dce32b910853a128c39
firefox-1.5.0.12-0.3.el4.ia64.rpm SHA-256: 85d3ae3fad448f2769d6f1a54f3014e98888720cf55a7dce32b910853a128c39
i386
firefox-1.5.0.12-0.3.el4.i386.rpm SHA-256: 28877d5130bfceeaec63c6191a4e729a229454e717b5967db68411d24d7b8463
firefox-1.5.0.12-0.3.el4.i386.rpm SHA-256: 28877d5130bfceeaec63c6191a4e729a229454e717b5967db68411d24d7b8463

Red Hat Enterprise Linux Workstation 5

SRPM
firefox-1.5.0.12-3.el5.src.rpm SHA-256: 597464f35cb6a598448b56523e4466c09569f346b329e4f640e480f0a96d5802
x86_64
firefox-1.5.0.12-3.el5.i386.rpm SHA-256: d178769b0ba984cd70c28300315d75316cbdda558c36cc20f8bf240ffbe93063
firefox-1.5.0.12-3.el5.x86_64.rpm SHA-256: d03734fc4fd8ccde0dff337e27fd5281aa1f63c52a3ef2983df0a07ff22ef578
firefox-devel-1.5.0.12-3.el5.i386.rpm SHA-256: d27431d78ec58783f3c68f79cf25754ff48c48dd608f7a9b2c668bb7e406b41d
firefox-devel-1.5.0.12-3.el5.x86_64.rpm SHA-256: 8d487ce7f595b2491fba2a6088a4266737e08989696d7764ea052076032f684d
i386
firefox-1.5.0.12-3.el5.i386.rpm SHA-256: d178769b0ba984cd70c28300315d75316cbdda558c36cc20f8bf240ffbe93063
firefox-devel-1.5.0.12-3.el5.i386.rpm SHA-256: d27431d78ec58783f3c68f79cf25754ff48c48dd608f7a9b2c668bb7e406b41d

Red Hat Enterprise Linux Workstation 4

SRPM
firefox-1.5.0.12-0.3.el4.src.rpm SHA-256: d0bee522221b7af0da3546ec7070eacad3dc4e27554e5ad8f2111e0b10cd8461
x86_64
firefox-1.5.0.12-0.3.el4.x86_64.rpm SHA-256: ff92c2244843799b4194b58a9f71c70cdfd877dd85ee371ab65af62f726ec416
ia64
firefox-1.5.0.12-0.3.el4.ia64.rpm SHA-256: 85d3ae3fad448f2769d6f1a54f3014e98888720cf55a7dce32b910853a128c39
i386
firefox-1.5.0.12-0.3.el4.i386.rpm SHA-256: 28877d5130bfceeaec63c6191a4e729a229454e717b5967db68411d24d7b8463

Red Hat Enterprise Linux Desktop 5

SRPM
firefox-1.5.0.12-3.el5.src.rpm SHA-256: 597464f35cb6a598448b56523e4466c09569f346b329e4f640e480f0a96d5802
x86_64
firefox-1.5.0.12-3.el5.i386.rpm SHA-256: d178769b0ba984cd70c28300315d75316cbdda558c36cc20f8bf240ffbe93063
firefox-1.5.0.12-3.el5.x86_64.rpm SHA-256: d03734fc4fd8ccde0dff337e27fd5281aa1f63c52a3ef2983df0a07ff22ef578
i386
firefox-1.5.0.12-3.el5.i386.rpm SHA-256: d178769b0ba984cd70c28300315d75316cbdda558c36cc20f8bf240ffbe93063

Red Hat Enterprise Linux Desktop 4

SRPM
firefox-1.5.0.12-0.3.el4.src.rpm SHA-256: d0bee522221b7af0da3546ec7070eacad3dc4e27554e5ad8f2111e0b10cd8461
x86_64
firefox-1.5.0.12-0.3.el4.x86_64.rpm SHA-256: ff92c2244843799b4194b58a9f71c70cdfd877dd85ee371ab65af62f726ec416
i386
firefox-1.5.0.12-0.3.el4.i386.rpm SHA-256: 28877d5130bfceeaec63c6191a4e729a229454e717b5967db68411d24d7b8463

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
firefox-1.5.0.12-3.el5.src.rpm SHA-256: 597464f35cb6a598448b56523e4466c09569f346b329e4f640e480f0a96d5802
s390x
firefox-1.5.0.12-3.el5.s390.rpm SHA-256: 56472103ac300c1057ac49d702352e5b819b6c57c9ddeeaed3a026c7380dfe2f
firefox-1.5.0.12-3.el5.s390x.rpm SHA-256: b12ccf4382e014249913cb0f2eaa7ec3e4c0248d9aed081eaa67b25869f3741e
firefox-devel-1.5.0.12-3.el5.s390.rpm SHA-256: 13afa18d8a0bc08552ac662b66371b984546019a12f7a83e636beb12e3bd8dce
firefox-devel-1.5.0.12-3.el5.s390x.rpm SHA-256: f07496b6822c827afcc12b3ecd516db8c807fb60d4303c5bdfab8e35704eb900

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
firefox-1.5.0.12-0.3.el4.src.rpm SHA-256: d0bee522221b7af0da3546ec7070eacad3dc4e27554e5ad8f2111e0b10cd8461
s390x
firefox-1.5.0.12-0.3.el4.s390x.rpm SHA-256: 3363f7d52924608e65e218480bc64f597dea1f71bd8a0e3f894a6a13f3257b6a
s390
firefox-1.5.0.12-0.3.el4.s390.rpm SHA-256: 67ddd531d8a97536f508c4748d427e97c8e93818388643cab2695a39d4e61772

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.5

SRPM
firefox-1.5.0.12-0.3.el4.src.rpm SHA-256: d0bee522221b7af0da3546ec7070eacad3dc4e27554e5ad8f2111e0b10cd8461
s390x
firefox-1.5.0.12-0.3.el4.s390x.rpm SHA-256: 3363f7d52924608e65e218480bc64f597dea1f71bd8a0e3f894a6a13f3257b6a
s390
firefox-1.5.0.12-0.3.el4.s390.rpm SHA-256: 67ddd531d8a97536f508c4748d427e97c8e93818388643cab2695a39d4e61772

Red Hat Enterprise Linux for Power, big endian 5

SRPM
firefox-1.5.0.12-3.el5.src.rpm SHA-256: 597464f35cb6a598448b56523e4466c09569f346b329e4f640e480f0a96d5802
ppc
firefox-1.5.0.12-3.el5.ppc.rpm SHA-256: 6829f90ea3e73838018d614f5ea83ad75a1834144a9ffee4481d2c53b4d29999
firefox-devel-1.5.0.12-3.el5.ppc.rpm SHA-256: 21b9e6eb50e556aa78a3560001419e1153a3569c40eb9dcccd1b6885902d7d41

Red Hat Enterprise Linux for Power, big endian 4

SRPM
firefox-1.5.0.12-0.3.el4.src.rpm SHA-256: d0bee522221b7af0da3546ec7070eacad3dc4e27554e5ad8f2111e0b10cd8461
ppc
firefox-1.5.0.12-0.3.el4.ppc.rpm SHA-256: 1bf921b560d7117d79ebaf025d0b3f45cd8f0dca5c6d04f574b8b63a83f5a8bc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.5

SRPM
firefox-1.5.0.12-0.3.el4.src.rpm SHA-256: d0bee522221b7af0da3546ec7070eacad3dc4e27554e5ad8f2111e0b10cd8461
ppc
firefox-1.5.0.12-0.3.el4.ppc.rpm SHA-256: 1bf921b560d7117d79ebaf025d0b3f45cd8f0dca5c6d04f574b8b63a83f5a8bc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
firefox-1.5.0.12-3.el5.src.rpm SHA-256: 597464f35cb6a598448b56523e4466c09569f346b329e4f640e480f0a96d5802
x86_64
firefox-1.5.0.12-3.el5.i386.rpm SHA-256: d178769b0ba984cd70c28300315d75316cbdda558c36cc20f8bf240ffbe93063
firefox-1.5.0.12-3.el5.x86_64.rpm SHA-256: d03734fc4fd8ccde0dff337e27fd5281aa1f63c52a3ef2983df0a07ff22ef578
firefox-devel-1.5.0.12-3.el5.i386.rpm SHA-256: d27431d78ec58783f3c68f79cf25754ff48c48dd608f7a9b2c668bb7e406b41d
firefox-devel-1.5.0.12-3.el5.x86_64.rpm SHA-256: 8d487ce7f595b2491fba2a6088a4266737e08989696d7764ea052076032f684d
i386
firefox-1.5.0.12-3.el5.i386.rpm SHA-256: d178769b0ba984cd70c28300315d75316cbdda558c36cc20f8bf240ffbe93063
firefox-devel-1.5.0.12-3.el5.i386.rpm SHA-256: d27431d78ec58783f3c68f79cf25754ff48c48dd608f7a9b2c668bb7e406b41d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.