RHSA-2009:0315 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Topic

An updated firefox package that fixes various security issues is now
available for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774,
CVE-2009-0775)

Several flaws were found in the way malformed content was processed. A
website containing specially-crafted content could, potentially, trick a
Firefox user into surrendering sensitive information. (CVE-2009-0776,
CVE-2009-0777)

For technical details regarding these flaws, please see the Mozilla
security advisories for Firefox 3.0.7. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.7, and which correct these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.3 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.3 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.3 i386
Red Hat Enterprise Linux Server - Extended Update Support 4.7 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 4.7 ia64
Red Hat Enterprise Linux Server - Extended Update Support 4.7 i386
Red Hat Enterprise Linux Server - AUS 5.3 ia64
Red Hat Enterprise Linux Server - AUS 5.3 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386
Red Hat Enterprise Linux Server - AUS 5.3 x86_64
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

BZ - 486355 - CVE-2009-0040 libpng arbitrary free() flaw

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
firefox-3.0.7-1.el5.src.rpm	SHA-256: 8cc29aa3be55a4651fcb794f0eb2800845502caa2d189081cfaeb30e6d0b43c9
xulrunner-1.9.0.7-1.el5.src.rpm	SHA-256: 82b00164b21abb96fc8fec696b799b156956d6c6e206cdaae14ab8b4bc8a3a2a
x86_64
firefox-3.0.7-1.el5.i386.rpm	SHA-256: 9ff56da1c4eefda7055f64c42a183a7b7c66feb939db02170cba26f0acaa81b2
firefox-3.0.7-1.el5.x86_64.rpm	SHA-256: 604ce8db89ff5c2df216179e81bf97d424de8adddf2c95f99e5eda7ac1bf756a
xulrunner-1.9.0.7-1.el5.i386.rpm	SHA-256: 4df6759deaf853420c4e8a5ed262b02f9b0e7886a1db8365de2b17cf49b571db
xulrunner-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 35edbe91d506c67ada7af5925335214ffd8d71c61bf2c33806bad4a9ebdd8ce8
xulrunner-devel-1.9.0.7-1.el5.i386.rpm	SHA-256: db7dca085fc5c12ea2127e9ae4161ee925ece41f218fbe9afba5a719ef321254
xulrunner-devel-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 39d12379744436a355574eac9787203ee929e6db87d5a27ca1532e0642560a85
xulrunner-devel-unstable-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 360155114662e5ac580a580b07bb9a84fbee0471e932f7d27b6990036c373cc3
ia64
firefox-3.0.7-1.el5.ia64.rpm	SHA-256: 97190a930ef4cc36bd21acff29f16436ced1b1af5f56d506f0195ade7ac1701d
xulrunner-1.9.0.7-1.el5.ia64.rpm	SHA-256: e8f987c3bd19a46bcd551bb8833617414333a04a1fd191de9d9c7cfb9b4d58fb
xulrunner-devel-1.9.0.7-1.el5.ia64.rpm	SHA-256: 66e8a31c29b12851b56d12d85411d63396f3a2310097723f09888f3f85501270
xulrunner-devel-unstable-1.9.0.7-1.el5.ia64.rpm	SHA-256: e865752a436b11c6e05aa35a3ef1feaa4fc20f2438648671a241f54cd46fb5fc
i386
firefox-3.0.7-1.el5.i386.rpm	SHA-256: 9ff56da1c4eefda7055f64c42a183a7b7c66feb939db02170cba26f0acaa81b2
xulrunner-1.9.0.7-1.el5.i386.rpm	SHA-256: 4df6759deaf853420c4e8a5ed262b02f9b0e7886a1db8365de2b17cf49b571db
xulrunner-devel-1.9.0.7-1.el5.i386.rpm	SHA-256: db7dca085fc5c12ea2127e9ae4161ee925ece41f218fbe9afba5a719ef321254
xulrunner-devel-unstable-1.9.0.7-1.el5.i386.rpm	SHA-256: 9f57fa7559ab0f1d101df71b3765111b0f38545a74fe05edd2884a3de794bbf0

Red Hat Enterprise Linux Server 4

SRPM
firefox-3.0.7-1.el4.src.rpm	SHA-256: c8b44780661d95e729a0c4f9c734f59b55838b020d09254f581924d878808d23
x86_64
firefox-3.0.7-1.el4.x86_64.rpm	SHA-256: 3593c9fdd8a9ca49e79334a6f8de2c8d6424045da43982736ecf300ba85c6a89
firefox-3.0.7-1.el4.x86_64.rpm	SHA-256: 3593c9fdd8a9ca49e79334a6f8de2c8d6424045da43982736ecf300ba85c6a89
ia64
firefox-3.0.7-1.el4.ia64.rpm	SHA-256: 9acfb312e5c1d2dcc0bbe6ee4a3c56bf163056dc05aacd839ec83e3e80079db7
firefox-3.0.7-1.el4.ia64.rpm	SHA-256: 9acfb312e5c1d2dcc0bbe6ee4a3c56bf163056dc05aacd839ec83e3e80079db7
i386
firefox-3.0.7-1.el4.i386.rpm	SHA-256: 617a3537ee3e7f67c3f5a860b7ed883efcaf97214332cc9375a8737155aecfc1
firefox-3.0.7-1.el4.i386.rpm	SHA-256: 617a3537ee3e7f67c3f5a860b7ed883efcaf97214332cc9375a8737155aecfc1

Red Hat Enterprise Linux Server - Extended Update Support 4.7

SRPM
firefox-3.0.7-1.el4.src.rpm	SHA-256: c8b44780661d95e729a0c4f9c734f59b55838b020d09254f581924d878808d23
x86_64
firefox-3.0.7-1.el4.x86_64.rpm	SHA-256: 3593c9fdd8a9ca49e79334a6f8de2c8d6424045da43982736ecf300ba85c6a89
firefox-3.0.7-1.el4.x86_64.rpm	SHA-256: 3593c9fdd8a9ca49e79334a6f8de2c8d6424045da43982736ecf300ba85c6a89
ia64
firefox-3.0.7-1.el4.ia64.rpm	SHA-256: 9acfb312e5c1d2dcc0bbe6ee4a3c56bf163056dc05aacd839ec83e3e80079db7
firefox-3.0.7-1.el4.ia64.rpm	SHA-256: 9acfb312e5c1d2dcc0bbe6ee4a3c56bf163056dc05aacd839ec83e3e80079db7
i386
firefox-3.0.7-1.el4.i386.rpm	SHA-256: 617a3537ee3e7f67c3f5a860b7ed883efcaf97214332cc9375a8737155aecfc1
firefox-3.0.7-1.el4.i386.rpm	SHA-256: 617a3537ee3e7f67c3f5a860b7ed883efcaf97214332cc9375a8737155aecfc1

Red Hat Enterprise Linux Workstation 5

SRPM
firefox-3.0.7-1.el5.src.rpm	SHA-256: 8cc29aa3be55a4651fcb794f0eb2800845502caa2d189081cfaeb30e6d0b43c9
xulrunner-1.9.0.7-1.el5.src.rpm	SHA-256: 82b00164b21abb96fc8fec696b799b156956d6c6e206cdaae14ab8b4bc8a3a2a
x86_64
firefox-3.0.7-1.el5.i386.rpm	SHA-256: 9ff56da1c4eefda7055f64c42a183a7b7c66feb939db02170cba26f0acaa81b2
firefox-3.0.7-1.el5.x86_64.rpm	SHA-256: 604ce8db89ff5c2df216179e81bf97d424de8adddf2c95f99e5eda7ac1bf756a
xulrunner-1.9.0.7-1.el5.i386.rpm	SHA-256: 4df6759deaf853420c4e8a5ed262b02f9b0e7886a1db8365de2b17cf49b571db
xulrunner-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 35edbe91d506c67ada7af5925335214ffd8d71c61bf2c33806bad4a9ebdd8ce8
xulrunner-devel-1.9.0.7-1.el5.i386.rpm	SHA-256: db7dca085fc5c12ea2127e9ae4161ee925ece41f218fbe9afba5a719ef321254
xulrunner-devel-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 39d12379744436a355574eac9787203ee929e6db87d5a27ca1532e0642560a85
xulrunner-devel-unstable-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 360155114662e5ac580a580b07bb9a84fbee0471e932f7d27b6990036c373cc3
i386
firefox-3.0.7-1.el5.i386.rpm	SHA-256: 9ff56da1c4eefda7055f64c42a183a7b7c66feb939db02170cba26f0acaa81b2
xulrunner-1.9.0.7-1.el5.i386.rpm	SHA-256: 4df6759deaf853420c4e8a5ed262b02f9b0e7886a1db8365de2b17cf49b571db
xulrunner-devel-1.9.0.7-1.el5.i386.rpm	SHA-256: db7dca085fc5c12ea2127e9ae4161ee925ece41f218fbe9afba5a719ef321254
xulrunner-devel-unstable-1.9.0.7-1.el5.i386.rpm	SHA-256: 9f57fa7559ab0f1d101df71b3765111b0f38545a74fe05edd2884a3de794bbf0

Red Hat Enterprise Linux Workstation 4

SRPM
firefox-3.0.7-1.el4.src.rpm	SHA-256: c8b44780661d95e729a0c4f9c734f59b55838b020d09254f581924d878808d23
x86_64
firefox-3.0.7-1.el4.x86_64.rpm	SHA-256: 3593c9fdd8a9ca49e79334a6f8de2c8d6424045da43982736ecf300ba85c6a89
ia64
firefox-3.0.7-1.el4.ia64.rpm	SHA-256: 9acfb312e5c1d2dcc0bbe6ee4a3c56bf163056dc05aacd839ec83e3e80079db7
i386
firefox-3.0.7-1.el4.i386.rpm	SHA-256: 617a3537ee3e7f67c3f5a860b7ed883efcaf97214332cc9375a8737155aecfc1

Red Hat Enterprise Linux Desktop 5

SRPM
firefox-3.0.7-1.el5.src.rpm	SHA-256: 8cc29aa3be55a4651fcb794f0eb2800845502caa2d189081cfaeb30e6d0b43c9
xulrunner-1.9.0.7-1.el5.src.rpm	SHA-256: 82b00164b21abb96fc8fec696b799b156956d6c6e206cdaae14ab8b4bc8a3a2a
x86_64
firefox-3.0.7-1.el5.i386.rpm	SHA-256: 9ff56da1c4eefda7055f64c42a183a7b7c66feb939db02170cba26f0acaa81b2
firefox-3.0.7-1.el5.x86_64.rpm	SHA-256: 604ce8db89ff5c2df216179e81bf97d424de8adddf2c95f99e5eda7ac1bf756a
xulrunner-1.9.0.7-1.el5.i386.rpm	SHA-256: 4df6759deaf853420c4e8a5ed262b02f9b0e7886a1db8365de2b17cf49b571db
xulrunner-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 35edbe91d506c67ada7af5925335214ffd8d71c61bf2c33806bad4a9ebdd8ce8
i386
firefox-3.0.7-1.el5.i386.rpm	SHA-256: 9ff56da1c4eefda7055f64c42a183a7b7c66feb939db02170cba26f0acaa81b2
xulrunner-1.9.0.7-1.el5.i386.rpm	SHA-256: 4df6759deaf853420c4e8a5ed262b02f9b0e7886a1db8365de2b17cf49b571db

Red Hat Enterprise Linux Desktop 4

SRPM
firefox-3.0.7-1.el4.src.rpm	SHA-256: c8b44780661d95e729a0c4f9c734f59b55838b020d09254f581924d878808d23
x86_64
firefox-3.0.7-1.el4.x86_64.rpm	SHA-256: 3593c9fdd8a9ca49e79334a6f8de2c8d6424045da43982736ecf300ba85c6a89
i386
firefox-3.0.7-1.el4.i386.rpm	SHA-256: 617a3537ee3e7f67c3f5a860b7ed883efcaf97214332cc9375a8737155aecfc1

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
firefox-3.0.7-1.el5.src.rpm	SHA-256: 8cc29aa3be55a4651fcb794f0eb2800845502caa2d189081cfaeb30e6d0b43c9
xulrunner-1.9.0.7-1.el5.src.rpm	SHA-256: 82b00164b21abb96fc8fec696b799b156956d6c6e206cdaae14ab8b4bc8a3a2a
s390x
firefox-3.0.7-1.el5.s390.rpm	SHA-256: 93b71f4369644e64e8978bcfec6d8de3369da9b979d220a0de2cce48b065c3e6
firefox-3.0.7-1.el5.s390x.rpm	SHA-256: fdfc1085a7844dae48dda0f67504929709a814cfd58bac52e78308208d232033
xulrunner-1.9.0.7-1.el5.s390.rpm	SHA-256: 25a51ad38037ff58a873ef962797be5bd6aa7fa7d28bbb0edd1d09ff1bf5b056
xulrunner-1.9.0.7-1.el5.s390x.rpm	SHA-256: 08a509640f61f9e636b60ddabd00071cc2fd0c602bc16d0f3fb6c681a8ce5c3d
xulrunner-devel-1.9.0.7-1.el5.s390.rpm	SHA-256: 77042d236a3c26357b45132952cc236a4d9da055aff2688c245845fcfa194fdf
xulrunner-devel-1.9.0.7-1.el5.s390x.rpm	SHA-256: dc6a36d99b85a3f3ec0e09845a25875c5c2cb46b965853ad6178cc9d11168956
xulrunner-devel-unstable-1.9.0.7-1.el5.s390x.rpm	SHA-256: 1142ae6640134c7e743de983267ab86fffb958a671d637a8f438a0ed2023b8c9

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
firefox-3.0.7-1.el4.src.rpm	SHA-256: c8b44780661d95e729a0c4f9c734f59b55838b020d09254f581924d878808d23
s390x
firefox-3.0.7-1.el4.s390x.rpm	SHA-256: 89c2d7421ea9a5c0513dd02b5e3df52ebae71fe612a6262de1a40e391054f8f8
s390
firefox-3.0.7-1.el4.s390.rpm	SHA-256: 37b08c996b3bb9532db097e8c8b9d024a62d89a90a92e614c81e705e351ca947

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
firefox-3.0.7-1.el4.src.rpm	SHA-256: c8b44780661d95e729a0c4f9c734f59b55838b020d09254f581924d878808d23
s390x
firefox-3.0.7-1.el4.s390x.rpm	SHA-256: 89c2d7421ea9a5c0513dd02b5e3df52ebae71fe612a6262de1a40e391054f8f8
s390
firefox-3.0.7-1.el4.s390.rpm	SHA-256: 37b08c996b3bb9532db097e8c8b9d024a62d89a90a92e614c81e705e351ca947

Red Hat Enterprise Linux for Power, big endian 5

SRPM
firefox-3.0.7-1.el5.src.rpm	SHA-256: 8cc29aa3be55a4651fcb794f0eb2800845502caa2d189081cfaeb30e6d0b43c9
xulrunner-1.9.0.7-1.el5.src.rpm	SHA-256: 82b00164b21abb96fc8fec696b799b156956d6c6e206cdaae14ab8b4bc8a3a2a
ppc
firefox-3.0.7-1.el5.ppc.rpm	SHA-256: a8c040982e7566e303f82fb707e381d1eeb2241eaf175fe4281feb41f6d019f4
xulrunner-1.9.0.7-1.el5.ppc.rpm	SHA-256: 62a85828489fb75ce6c74b05602a6880b1203e1022fb3d3e65679f24eb72e75f
xulrunner-1.9.0.7-1.el5.ppc64.rpm	SHA-256: 30c2f3dd5f14d324f1b3c88e41808befa703c10df8de4b879792abe0203b5fdd
xulrunner-devel-1.9.0.7-1.el5.ppc.rpm	SHA-256: f12d65c3e9354b209612e1cc1584cd40f94404c2bd4e3475e2f95e92cca03e51
xulrunner-devel-1.9.0.7-1.el5.ppc64.rpm	SHA-256: 4caaac76212f31b6886215c1772371f955725164618f16a02802b2d24dcde021
xulrunner-devel-unstable-1.9.0.7-1.el5.ppc.rpm	SHA-256: ee10394a817ac57b0af16f6b355288e6095b78455b0cd312cb00b2e9932de412

Red Hat Enterprise Linux for Power, big endian 4

SRPM
firefox-3.0.7-1.el4.src.rpm	SHA-256: c8b44780661d95e729a0c4f9c734f59b55838b020d09254f581924d878808d23
ppc
firefox-3.0.7-1.el4.ppc.rpm	SHA-256: 1e56cc7ffc5d18c21d16abe704e8d02e71442c33da3401ee92c41d4a9d22b4ce

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
firefox-3.0.7-1.el4.src.rpm	SHA-256: c8b44780661d95e729a0c4f9c734f59b55838b020d09254f581924d878808d23
ppc
firefox-3.0.7-1.el4.ppc.rpm	SHA-256: 1e56cc7ffc5d18c21d16abe704e8d02e71442c33da3401ee92c41d4a9d22b4ce

Red Hat Enterprise Linux Server from RHUI 5

SRPM
firefox-3.0.7-1.el5.src.rpm	SHA-256: 8cc29aa3be55a4651fcb794f0eb2800845502caa2d189081cfaeb30e6d0b43c9
xulrunner-1.9.0.7-1.el5.src.rpm	SHA-256: 82b00164b21abb96fc8fec696b799b156956d6c6e206cdaae14ab8b4bc8a3a2a
x86_64
firefox-3.0.7-1.el5.i386.rpm	SHA-256: 9ff56da1c4eefda7055f64c42a183a7b7c66feb939db02170cba26f0acaa81b2
firefox-3.0.7-1.el5.x86_64.rpm	SHA-256: 604ce8db89ff5c2df216179e81bf97d424de8adddf2c95f99e5eda7ac1bf756a
xulrunner-1.9.0.7-1.el5.i386.rpm	SHA-256: 4df6759deaf853420c4e8a5ed262b02f9b0e7886a1db8365de2b17cf49b571db
xulrunner-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 35edbe91d506c67ada7af5925335214ffd8d71c61bf2c33806bad4a9ebdd8ce8
xulrunner-devel-1.9.0.7-1.el5.i386.rpm	SHA-256: db7dca085fc5c12ea2127e9ae4161ee925ece41f218fbe9afba5a719ef321254
xulrunner-devel-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 39d12379744436a355574eac9787203ee929e6db87d5a27ca1532e0642560a85
xulrunner-devel-unstable-1.9.0.7-1.el5.x86_64.rpm	SHA-256: 360155114662e5ac580a580b07bb9a84fbee0471e932f7d27b6990036c373cc3
i386
firefox-3.0.7-1.el5.i386.rpm	SHA-256: 9ff56da1c4eefda7055f64c42a183a7b7c66feb939db02170cba26f0acaa81b2
xulrunner-1.9.0.7-1.el5.i386.rpm	SHA-256: 4df6759deaf853420c4e8a5ed262b02f9b0e7886a1db8365de2b17cf49b571db
xulrunner-devel-1.9.0.7-1.el5.i386.rpm	SHA-256: db7dca085fc5c12ea2127e9ae4161ee925ece41f218fbe9afba5a719ef321254
xulrunner-devel-unstable-1.9.0.7-1.el5.i386.rpm	SHA-256: 9f57fa7559ab0f1d101df71b3765111b0f38545a74fe05edd2884a3de794bbf0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.