Issued:
2009-04-27
Updated:
2009-04-27

RHSA-2009:0449 - Security Advisory

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Topic

Updated firefox packages that fix one security issue are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A flaw was found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code as the user running Firefox.
(CVE-2009-1313)

For technical details regarding this flaw, refer to the Mozilla security
advisory for Firefox 3.0.10. You can find a link to the Mozilla advisories
in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.10, which corrects this issue. After installing the
update, Firefox must be restarted for the change to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 5.3 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux Server - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 ia64
  • Red Hat Enterprise Linux Server - AUS 5.3 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.3 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - AUS 5.3 x86_64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.3 ppc

Fixes

  • BZ - 497447 - CVE-2009-1313 Firefox crash in nsTextFrame::ClearTextRun()

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
firefox-3.0.10-1.el5.src.rpm SHA-256: f79226070c6aaede43eda1bcb96ea0929028d107905f4ed98df20a46996cbe51
xulrunner-1.9.0.10-1.el5.src.rpm SHA-256: eb1de17239ad56e059f67ca663a0e6d8b23047225c96fe72b415548a2ac49473
x86_64
firefox-3.0.10-1.el5.i386.rpm SHA-256: d43b9b72667752271a033011c702b6cee959b7ecdc59f298b36c2239a0a39371
firefox-3.0.10-1.el5.x86_64.rpm SHA-256: 7dbd9ade6ba79c4856066c3a299ff64f43578eee93ae6928c632b2e0d5641672
xulrunner-1.9.0.10-1.el5.i386.rpm SHA-256: e2fc8bf6e9c7db6427d6ec6f7a1a08d239afc3c742524de72505969d5cae9009
xulrunner-1.9.0.10-1.el5.x86_64.rpm SHA-256: 7e1227caa84e1ef71cad838986610346dc5b2944b43de26a736b90b5e5f2eaea
xulrunner-devel-1.9.0.10-1.el5.i386.rpm SHA-256: f6d559599567da8843dfc09a3d883e4c01f14be55a522c21d101262f6c98f9e1
xulrunner-devel-1.9.0.10-1.el5.x86_64.rpm SHA-256: fbda1c8afd1ae70214ebe4e2e167a4c49dc291bfdcca34ead9602f2597125413
xulrunner-devel-unstable-1.9.0.10-1.el5.x86_64.rpm SHA-256: dc9694edcebee520265aec8fa7b0ebbd03301c6405616ae9d97deb1ee3246604
ia64
firefox-3.0.10-1.el5.ia64.rpm SHA-256: b36a4951deba29a879b6a4eb40794245cada6a0b3b82db9694ca370f189843da
xulrunner-1.9.0.10-1.el5.ia64.rpm SHA-256: 2808231172ade22fcce5c0a841304bd54c3f5eefd16f39d99cf6b7cbffa5f241
xulrunner-devel-1.9.0.10-1.el5.ia64.rpm SHA-256: e38c1a9a7d8291baca5c3ba7d53c8d7e7f4641514563bc00b2d0a27ac58c7052
xulrunner-devel-unstable-1.9.0.10-1.el5.ia64.rpm SHA-256: 35c66ca017705094c4c841a3d63ccd1ff45e0c52784247a87dbcd04d0494fb45
i386
firefox-3.0.10-1.el5.i386.rpm SHA-256: d43b9b72667752271a033011c702b6cee959b7ecdc59f298b36c2239a0a39371
xulrunner-1.9.0.10-1.el5.i386.rpm SHA-256: e2fc8bf6e9c7db6427d6ec6f7a1a08d239afc3c742524de72505969d5cae9009
xulrunner-devel-1.9.0.10-1.el5.i386.rpm SHA-256: f6d559599567da8843dfc09a3d883e4c01f14be55a522c21d101262f6c98f9e1
xulrunner-devel-unstable-1.9.0.10-1.el5.i386.rpm SHA-256: 2ac80efd34b343cea195592420684f7d29e26e42032a3e7b37a4fec6d228fbb4

Red Hat Enterprise Linux Server 4

SRPM
firefox-3.0.10-1.el4.src.rpm SHA-256: 6325354fb9cd85d411b113e11e01f0ece648443cba8e22c73945b6af4f27165b
x86_64
firefox-3.0.10-1.el4.x86_64.rpm SHA-256: b43e9cef2656d9476b9d3cc523997910b1a3c7a1347a9bfd1362a2040e053917
firefox-3.0.10-1.el4.x86_64.rpm SHA-256: b43e9cef2656d9476b9d3cc523997910b1a3c7a1347a9bfd1362a2040e053917
ia64
firefox-3.0.10-1.el4.ia64.rpm SHA-256: 1cf235e6a96ee27691e3395c7628bf84a1b26b171c3563c41857e82dc81756e7
firefox-3.0.10-1.el4.ia64.rpm SHA-256: 1cf235e6a96ee27691e3395c7628bf84a1b26b171c3563c41857e82dc81756e7
i386
firefox-3.0.10-1.el4.i386.rpm SHA-256: 902c0b7080f194280304667bec02dd3c57656c676c13b3624b10919ede988ead
firefox-3.0.10-1.el4.i386.rpm SHA-256: 902c0b7080f194280304667bec02dd3c57656c676c13b3624b10919ede988ead

Red Hat Enterprise Linux Server - Extended Update Support 4.7

SRPM
firefox-3.0.10-1.el4.src.rpm SHA-256: 6325354fb9cd85d411b113e11e01f0ece648443cba8e22c73945b6af4f27165b
x86_64
firefox-3.0.10-1.el4.x86_64.rpm SHA-256: b43e9cef2656d9476b9d3cc523997910b1a3c7a1347a9bfd1362a2040e053917
firefox-3.0.10-1.el4.x86_64.rpm SHA-256: b43e9cef2656d9476b9d3cc523997910b1a3c7a1347a9bfd1362a2040e053917
ia64
firefox-3.0.10-1.el4.ia64.rpm SHA-256: 1cf235e6a96ee27691e3395c7628bf84a1b26b171c3563c41857e82dc81756e7
firefox-3.0.10-1.el4.ia64.rpm SHA-256: 1cf235e6a96ee27691e3395c7628bf84a1b26b171c3563c41857e82dc81756e7
i386
firefox-3.0.10-1.el4.i386.rpm SHA-256: 902c0b7080f194280304667bec02dd3c57656c676c13b3624b10919ede988ead
firefox-3.0.10-1.el4.i386.rpm SHA-256: 902c0b7080f194280304667bec02dd3c57656c676c13b3624b10919ede988ead

Red Hat Enterprise Linux Workstation 5

SRPM
firefox-3.0.10-1.el5.src.rpm SHA-256: f79226070c6aaede43eda1bcb96ea0929028d107905f4ed98df20a46996cbe51
xulrunner-1.9.0.10-1.el5.src.rpm SHA-256: eb1de17239ad56e059f67ca663a0e6d8b23047225c96fe72b415548a2ac49473
x86_64
firefox-3.0.10-1.el5.i386.rpm SHA-256: d43b9b72667752271a033011c702b6cee959b7ecdc59f298b36c2239a0a39371
firefox-3.0.10-1.el5.x86_64.rpm SHA-256: 7dbd9ade6ba79c4856066c3a299ff64f43578eee93ae6928c632b2e0d5641672
xulrunner-1.9.0.10-1.el5.i386.rpm SHA-256: e2fc8bf6e9c7db6427d6ec6f7a1a08d239afc3c742524de72505969d5cae9009
xulrunner-1.9.0.10-1.el5.x86_64.rpm SHA-256: 7e1227caa84e1ef71cad838986610346dc5b2944b43de26a736b90b5e5f2eaea
xulrunner-devel-1.9.0.10-1.el5.i386.rpm SHA-256: f6d559599567da8843dfc09a3d883e4c01f14be55a522c21d101262f6c98f9e1
xulrunner-devel-1.9.0.10-1.el5.x86_64.rpm SHA-256: fbda1c8afd1ae70214ebe4e2e167a4c49dc291bfdcca34ead9602f2597125413
xulrunner-devel-unstable-1.9.0.10-1.el5.x86_64.rpm SHA-256: dc9694edcebee520265aec8fa7b0ebbd03301c6405616ae9d97deb1ee3246604
i386
firefox-3.0.10-1.el5.i386.rpm SHA-256: d43b9b72667752271a033011c702b6cee959b7ecdc59f298b36c2239a0a39371
xulrunner-1.9.0.10-1.el5.i386.rpm SHA-256: e2fc8bf6e9c7db6427d6ec6f7a1a08d239afc3c742524de72505969d5cae9009
xulrunner-devel-1.9.0.10-1.el5.i386.rpm SHA-256: f6d559599567da8843dfc09a3d883e4c01f14be55a522c21d101262f6c98f9e1
xulrunner-devel-unstable-1.9.0.10-1.el5.i386.rpm SHA-256: 2ac80efd34b343cea195592420684f7d29e26e42032a3e7b37a4fec6d228fbb4

Red Hat Enterprise Linux Workstation 4

SRPM
firefox-3.0.10-1.el4.src.rpm SHA-256: 6325354fb9cd85d411b113e11e01f0ece648443cba8e22c73945b6af4f27165b
x86_64
firefox-3.0.10-1.el4.x86_64.rpm SHA-256: b43e9cef2656d9476b9d3cc523997910b1a3c7a1347a9bfd1362a2040e053917
ia64
firefox-3.0.10-1.el4.ia64.rpm SHA-256: 1cf235e6a96ee27691e3395c7628bf84a1b26b171c3563c41857e82dc81756e7
i386
firefox-3.0.10-1.el4.i386.rpm SHA-256: 902c0b7080f194280304667bec02dd3c57656c676c13b3624b10919ede988ead

Red Hat Enterprise Linux Desktop 5

SRPM
firefox-3.0.10-1.el5.src.rpm SHA-256: f79226070c6aaede43eda1bcb96ea0929028d107905f4ed98df20a46996cbe51
xulrunner-1.9.0.10-1.el5.src.rpm SHA-256: eb1de17239ad56e059f67ca663a0e6d8b23047225c96fe72b415548a2ac49473
x86_64
firefox-3.0.10-1.el5.i386.rpm SHA-256: d43b9b72667752271a033011c702b6cee959b7ecdc59f298b36c2239a0a39371
firefox-3.0.10-1.el5.x86_64.rpm SHA-256: 7dbd9ade6ba79c4856066c3a299ff64f43578eee93ae6928c632b2e0d5641672
xulrunner-1.9.0.10-1.el5.i386.rpm SHA-256: e2fc8bf6e9c7db6427d6ec6f7a1a08d239afc3c742524de72505969d5cae9009
xulrunner-1.9.0.10-1.el5.x86_64.rpm SHA-256: 7e1227caa84e1ef71cad838986610346dc5b2944b43de26a736b90b5e5f2eaea
i386
firefox-3.0.10-1.el5.i386.rpm SHA-256: d43b9b72667752271a033011c702b6cee959b7ecdc59f298b36c2239a0a39371
xulrunner-1.9.0.10-1.el5.i386.rpm SHA-256: e2fc8bf6e9c7db6427d6ec6f7a1a08d239afc3c742524de72505969d5cae9009

Red Hat Enterprise Linux Desktop 4

SRPM
firefox-3.0.10-1.el4.src.rpm SHA-256: 6325354fb9cd85d411b113e11e01f0ece648443cba8e22c73945b6af4f27165b
x86_64
firefox-3.0.10-1.el4.x86_64.rpm SHA-256: b43e9cef2656d9476b9d3cc523997910b1a3c7a1347a9bfd1362a2040e053917
i386
firefox-3.0.10-1.el4.i386.rpm SHA-256: 902c0b7080f194280304667bec02dd3c57656c676c13b3624b10919ede988ead

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
firefox-3.0.10-1.el5.src.rpm SHA-256: f79226070c6aaede43eda1bcb96ea0929028d107905f4ed98df20a46996cbe51
xulrunner-1.9.0.10-1.el5.src.rpm SHA-256: eb1de17239ad56e059f67ca663a0e6d8b23047225c96fe72b415548a2ac49473
s390x
firefox-3.0.10-1.el5.s390.rpm SHA-256: d7a42e81a9b739a9b8873bb59ced286592e6ba98802e6370d162681964b4807d
firefox-3.0.10-1.el5.s390x.rpm SHA-256: 95c44fbc835db687b0097924e2993ffa271eb48e5d4ec8314497e7833bb4f79b
xulrunner-1.9.0.10-1.el5.s390.rpm SHA-256: 5263a726227335e256d5c1ac06ad6d2dd4d97ee7ccb12c4028c363ea271d7250
xulrunner-1.9.0.10-1.el5.s390x.rpm SHA-256: 01fa434662857da5b822dc5dbf68a48e3618bfd361f023c617e43f736b504055
xulrunner-devel-1.9.0.10-1.el5.s390.rpm SHA-256: dd767dd05cda6fe764150c6d3f7b903c1654d368918024c7b0f4de69dc358c59
xulrunner-devel-1.9.0.10-1.el5.s390x.rpm SHA-256: 470ec6e2dabcc3a54489edec47b6546d02e4a8ba2523855b31d3dcbcadcd471e
xulrunner-devel-unstable-1.9.0.10-1.el5.s390x.rpm SHA-256: 662d133bb63a08bb9b298451587e1d43b682c1c028d5ecbc49f4dd34f4e1a6ea

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
firefox-3.0.10-1.el4.src.rpm SHA-256: 6325354fb9cd85d411b113e11e01f0ece648443cba8e22c73945b6af4f27165b
s390x
firefox-3.0.10-1.el4.s390x.rpm SHA-256: b3d265acb8b59640a26b1b37555a7e6301c60d60116aef87931c586e634bb6a7
s390
firefox-3.0.10-1.el4.s390.rpm SHA-256: 9c7172f45857c0d8c899a2596bcfdc4457d370155b1f933ade2da6a1183e4c7a

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
firefox-3.0.10-1.el4.src.rpm SHA-256: 6325354fb9cd85d411b113e11e01f0ece648443cba8e22c73945b6af4f27165b
s390x
firefox-3.0.10-1.el4.s390x.rpm SHA-256: b3d265acb8b59640a26b1b37555a7e6301c60d60116aef87931c586e634bb6a7
s390
firefox-3.0.10-1.el4.s390.rpm SHA-256: 9c7172f45857c0d8c899a2596bcfdc4457d370155b1f933ade2da6a1183e4c7a

Red Hat Enterprise Linux for Power, big endian 5

SRPM
firefox-3.0.10-1.el5.src.rpm SHA-256: f79226070c6aaede43eda1bcb96ea0929028d107905f4ed98df20a46996cbe51
xulrunner-1.9.0.10-1.el5.src.rpm SHA-256: eb1de17239ad56e059f67ca663a0e6d8b23047225c96fe72b415548a2ac49473
ppc
firefox-3.0.10-1.el5.ppc.rpm SHA-256: 81420d21ea869ab842e9bece3f948a97ee0fd6ab0d1daa5703ea26d9488c10a5
xulrunner-1.9.0.10-1.el5.ppc.rpm SHA-256: 5f4de5979df0e4414c4e135011d07e0665f774f4b54899273a9803a0769964fa
xulrunner-1.9.0.10-1.el5.ppc64.rpm SHA-256: d49e2c3e33b529ececc0176472744f81299310c3066a75768f8116774e809f90
xulrunner-devel-1.9.0.10-1.el5.ppc.rpm SHA-256: e53d31863e3cf4f8a7c047ee609ef300c8cc60176bfb13d51bbf0e70150df681
xulrunner-devel-1.9.0.10-1.el5.ppc64.rpm SHA-256: 70c8f6dd915e72341ebeb1287ccacb246d2147f25b8f61a8d510bbf02b0efdda
xulrunner-devel-unstable-1.9.0.10-1.el5.ppc.rpm SHA-256: 76f346d526558a19bb991bb98fc0c5f7255aa6073893b9e9659df28328e4ccb8

Red Hat Enterprise Linux for Power, big endian 4

SRPM
firefox-3.0.10-1.el4.src.rpm SHA-256: 6325354fb9cd85d411b113e11e01f0ece648443cba8e22c73945b6af4f27165b
ppc
firefox-3.0.10-1.el4.ppc.rpm SHA-256: 93daad9e03122258df1630f2fa008e92f7ca55cc1e1baecbaa921cdae2a74b0d

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
firefox-3.0.10-1.el4.src.rpm SHA-256: 6325354fb9cd85d411b113e11e01f0ece648443cba8e22c73945b6af4f27165b
ppc
firefox-3.0.10-1.el4.ppc.rpm SHA-256: 93daad9e03122258df1630f2fa008e92f7ca55cc1e1baecbaa921cdae2a74b0d

Red Hat Enterprise Linux Server from RHUI 5

SRPM
firefox-3.0.10-1.el5.src.rpm SHA-256: f79226070c6aaede43eda1bcb96ea0929028d107905f4ed98df20a46996cbe51
xulrunner-1.9.0.10-1.el5.src.rpm SHA-256: eb1de17239ad56e059f67ca663a0e6d8b23047225c96fe72b415548a2ac49473
x86_64
firefox-3.0.10-1.el5.i386.rpm SHA-256: d43b9b72667752271a033011c702b6cee959b7ecdc59f298b36c2239a0a39371
firefox-3.0.10-1.el5.x86_64.rpm SHA-256: 7dbd9ade6ba79c4856066c3a299ff64f43578eee93ae6928c632b2e0d5641672
xulrunner-1.9.0.10-1.el5.i386.rpm SHA-256: e2fc8bf6e9c7db6427d6ec6f7a1a08d239afc3c742524de72505969d5cae9009
xulrunner-1.9.0.10-1.el5.x86_64.rpm SHA-256: 7e1227caa84e1ef71cad838986610346dc5b2944b43de26a736b90b5e5f2eaea
xulrunner-devel-1.9.0.10-1.el5.i386.rpm SHA-256: f6d559599567da8843dfc09a3d883e4c01f14be55a522c21d101262f6c98f9e1
xulrunner-devel-1.9.0.10-1.el5.x86_64.rpm SHA-256: fbda1c8afd1ae70214ebe4e2e167a4c49dc291bfdcca34ead9602f2597125413
xulrunner-devel-unstable-1.9.0.10-1.el5.x86_64.rpm SHA-256: dc9694edcebee520265aec8fa7b0ebbd03301c6405616ae9d97deb1ee3246604
i386
firefox-3.0.10-1.el5.i386.rpm SHA-256: d43b9b72667752271a033011c702b6cee959b7ecdc59f298b36c2239a0a39371
xulrunner-1.9.0.10-1.el5.i386.rpm SHA-256: e2fc8bf6e9c7db6427d6ec6f7a1a08d239afc3c742524de72505969d5cae9009
xulrunner-devel-1.9.0.10-1.el5.i386.rpm SHA-256: f6d559599567da8843dfc09a3d883e4c01f14be55a522c21d101262f6c98f9e1
xulrunner-devel-unstable-1.9.0.10-1.el5.i386.rpm SHA-256: 2ac80efd34b343cea195592420684f7d29e26e42032a3e7b37a4fec6d228fbb4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.