Issued:
2010-02-17
Updated:
2010-02-17

RHSA-2010:0112 - Security Advisory

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

Description

Mozilla Firefox is an open source Web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

A use-after-free flaw was found in Firefox. Under low memory conditions,
visiting a web page containing malicious content could result in Firefox
executing arbitrary code with the privileges of the user running Firefox.
(CVE-2009-1571)

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-0159, CVE-2010-0160)

Two flaws were found in the way certain content was processed. An attacker
could use these flaws to create a malicious web page that could bypass the
same-origin policy, or possibly run untrusted JavaScript. (CVE-2009-3988,
CVE-2010-0162)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.0.18. You can find a link to the Mozilla
advisories in the References section of this errata.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.0.18, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

  • BZ - 566047 - CVE-2010-0159 Mozilla crashes with evidence of memory corruption (MFSA 2010-01)
  • BZ - 566049 - CVE-2010-0160 Mozilla implementation of Web Workers can lead to crash with evidence of memory corruption (MFSA 2010-02)
  • BZ - 566050 - CVE-2009-1571 Mozilla incorrectly frees used memory (MFSA 2010-03)
  • BZ - 566051 - CVE-2009-3988 Mozilla violation of same-origin policy due to properties set on objects passed to showModalDialog (MFSA 2010-04)
  • BZ - 566052 - CVE-2010-0162 Mozilla bypass of same-origin policy due to improper SVG document processing (MFSA 2010-05)

Red Hat Enterprise Linux Server 5

SRPM
firefox-3.0.18-1.el5_4.src.rpm SHA-256: 3fc57f47917f8af369c380379635f211fb573726bccf4c9b56a952918428e25c
xulrunner-1.9.0.18-1.el5_4.src.rpm SHA-256: 1019902fe09fb6d25108df90d2f8e150875bb5303305d441d394465663270637
x86_64
firefox-3.0.18-1.el5_4.i386.rpm SHA-256: faddceef1ba896b1bf73c866e2dd6bc3b36cf2e6e9188fced029591c2a55dbfc
firefox-3.0.18-1.el5_4.x86_64.rpm SHA-256: 8adf65b8fb9c29f5c3aac79d80c3049633d8f3d7ba695ef23e668d593672ca41
xulrunner-1.9.0.18-1.el5_4.i386.rpm SHA-256: 4dac84443f201b582059e30845ac229f077ede1b32dae7a1aa8d3b39418fb2b9
xulrunner-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 05a1c046a7a467c327d00106c429918bb3f53bb908336387134a1926c58179b4
xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm SHA-256: 64e7f9f53318e3af04c91c57fe2cf131b1892782b0481aeb4f4d66c958a80234
xulrunner-devel-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 53b3a07ce5b3eefe0ca9cb60060f9d795eaa5fadaf20fde83cc9310036081587
xulrunner-devel-unstable-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 06f888b001f4d28aad6c8addbffe341053e9e88675f0bcf3a5a2b4d1e43119d1
ia64
firefox-3.0.18-1.el5_4.ia64.rpm SHA-256: 2b163af6c8f6af93a38e268c6da12b438b78b3a9664fa408323d4209e13effcd
xulrunner-1.9.0.18-1.el5_4.ia64.rpm SHA-256: 2fb878c0936c01a0c3c7088fd0c520314f58c7333ddb4d040091452f0acad780
xulrunner-devel-1.9.0.18-1.el5_4.ia64.rpm SHA-256: ee05dcc7b9d139d0ba0101c54b0495f8655a0af1d8a09cc046b406dea00025a2
xulrunner-devel-unstable-1.9.0.18-1.el5_4.ia64.rpm SHA-256: 4671e61d16eea6de4d83ec8bb331e4d6b82da596b07bfe5475ca5f67c30e574d
i386
firefox-3.0.18-1.el5_4.i386.rpm SHA-256: faddceef1ba896b1bf73c866e2dd6bc3b36cf2e6e9188fced029591c2a55dbfc
xulrunner-1.9.0.18-1.el5_4.i386.rpm SHA-256: 4dac84443f201b582059e30845ac229f077ede1b32dae7a1aa8d3b39418fb2b9
xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm SHA-256: 64e7f9f53318e3af04c91c57fe2cf131b1892782b0481aeb4f4d66c958a80234
xulrunner-devel-unstable-1.9.0.18-1.el5_4.i386.rpm SHA-256: 37fd06f229264d551d531c8b02726414b0623aa1a42c4a2dff4812635afca452

Red Hat Enterprise Linux Server 4

SRPM
firefox-3.0.18-1.el4.src.rpm SHA-256: c6eedc6589cfb205f92808943444519866741ca698c03797003c874f821f4fd5
x86_64
firefox-3.0.18-1.el4.x86_64.rpm SHA-256: 225a004cad87d73f7ec5e8e0593e77293c71fad64126cd8916109bf57a0904dc
firefox-3.0.18-1.el4.x86_64.rpm SHA-256: 225a004cad87d73f7ec5e8e0593e77293c71fad64126cd8916109bf57a0904dc
ia64
firefox-3.0.18-1.el4.ia64.rpm SHA-256: 8a73bc28464c30665ed48ac9b42f8a8ccc6aaa3d860eaa804cdb15fd771713e8
firefox-3.0.18-1.el4.ia64.rpm SHA-256: 8a73bc28464c30665ed48ac9b42f8a8ccc6aaa3d860eaa804cdb15fd771713e8
i386
firefox-3.0.18-1.el4.i386.rpm SHA-256: a03f739b46aacb64e8f730980b6a37fffb0ba2cd19499e772069babef55ef32c
firefox-3.0.18-1.el4.i386.rpm SHA-256: a03f739b46aacb64e8f730980b6a37fffb0ba2cd19499e772069babef55ef32c

Red Hat Enterprise Linux for x86_64 - Extended Update Support 5.4

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
firefox-3.0.18-1.el4.src.rpm SHA-256: c6eedc6589cfb205f92808943444519866741ca698c03797003c874f821f4fd5
x86_64
firefox-3.0.18-1.el4.x86_64.rpm SHA-256: 225a004cad87d73f7ec5e8e0593e77293c71fad64126cd8916109bf57a0904dc
firefox-3.0.18-1.el4.x86_64.rpm SHA-256: 225a004cad87d73f7ec5e8e0593e77293c71fad64126cd8916109bf57a0904dc
ia64
firefox-3.0.18-1.el4.ia64.rpm SHA-256: 8a73bc28464c30665ed48ac9b42f8a8ccc6aaa3d860eaa804cdb15fd771713e8
firefox-3.0.18-1.el4.ia64.rpm SHA-256: 8a73bc28464c30665ed48ac9b42f8a8ccc6aaa3d860eaa804cdb15fd771713e8
i386
firefox-3.0.18-1.el4.i386.rpm SHA-256: a03f739b46aacb64e8f730980b6a37fffb0ba2cd19499e772069babef55ef32c
firefox-3.0.18-1.el4.i386.rpm SHA-256: a03f739b46aacb64e8f730980b6a37fffb0ba2cd19499e772069babef55ef32c

Red Hat Enterprise Linux Workstation 5

SRPM
firefox-3.0.18-1.el5_4.src.rpm SHA-256: 3fc57f47917f8af369c380379635f211fb573726bccf4c9b56a952918428e25c
xulrunner-1.9.0.18-1.el5_4.src.rpm SHA-256: 1019902fe09fb6d25108df90d2f8e150875bb5303305d441d394465663270637
x86_64
firefox-3.0.18-1.el5_4.i386.rpm SHA-256: faddceef1ba896b1bf73c866e2dd6bc3b36cf2e6e9188fced029591c2a55dbfc
firefox-3.0.18-1.el5_4.x86_64.rpm SHA-256: 8adf65b8fb9c29f5c3aac79d80c3049633d8f3d7ba695ef23e668d593672ca41
xulrunner-1.9.0.18-1.el5_4.i386.rpm SHA-256: 4dac84443f201b582059e30845ac229f077ede1b32dae7a1aa8d3b39418fb2b9
xulrunner-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 05a1c046a7a467c327d00106c429918bb3f53bb908336387134a1926c58179b4
xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm SHA-256: 64e7f9f53318e3af04c91c57fe2cf131b1892782b0481aeb4f4d66c958a80234
xulrunner-devel-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 53b3a07ce5b3eefe0ca9cb60060f9d795eaa5fadaf20fde83cc9310036081587
xulrunner-devel-unstable-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 06f888b001f4d28aad6c8addbffe341053e9e88675f0bcf3a5a2b4d1e43119d1
i386
firefox-3.0.18-1.el5_4.i386.rpm SHA-256: faddceef1ba896b1bf73c866e2dd6bc3b36cf2e6e9188fced029591c2a55dbfc
xulrunner-1.9.0.18-1.el5_4.i386.rpm SHA-256: 4dac84443f201b582059e30845ac229f077ede1b32dae7a1aa8d3b39418fb2b9
xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm SHA-256: 64e7f9f53318e3af04c91c57fe2cf131b1892782b0481aeb4f4d66c958a80234
xulrunner-devel-unstable-1.9.0.18-1.el5_4.i386.rpm SHA-256: 37fd06f229264d551d531c8b02726414b0623aa1a42c4a2dff4812635afca452

Red Hat Enterprise Linux Workstation 4

SRPM
firefox-3.0.18-1.el4.src.rpm SHA-256: c6eedc6589cfb205f92808943444519866741ca698c03797003c874f821f4fd5
x86_64
firefox-3.0.18-1.el4.x86_64.rpm SHA-256: 225a004cad87d73f7ec5e8e0593e77293c71fad64126cd8916109bf57a0904dc
ia64
firefox-3.0.18-1.el4.ia64.rpm SHA-256: 8a73bc28464c30665ed48ac9b42f8a8ccc6aaa3d860eaa804cdb15fd771713e8
i386
firefox-3.0.18-1.el4.i386.rpm SHA-256: a03f739b46aacb64e8f730980b6a37fffb0ba2cd19499e772069babef55ef32c

Red Hat Enterprise Linux Desktop 5

SRPM
firefox-3.0.18-1.el5_4.src.rpm SHA-256: 3fc57f47917f8af369c380379635f211fb573726bccf4c9b56a952918428e25c
xulrunner-1.9.0.18-1.el5_4.src.rpm SHA-256: 1019902fe09fb6d25108df90d2f8e150875bb5303305d441d394465663270637
x86_64
firefox-3.0.18-1.el5_4.i386.rpm SHA-256: faddceef1ba896b1bf73c866e2dd6bc3b36cf2e6e9188fced029591c2a55dbfc
firefox-3.0.18-1.el5_4.x86_64.rpm SHA-256: 8adf65b8fb9c29f5c3aac79d80c3049633d8f3d7ba695ef23e668d593672ca41
xulrunner-1.9.0.18-1.el5_4.i386.rpm SHA-256: 4dac84443f201b582059e30845ac229f077ede1b32dae7a1aa8d3b39418fb2b9
xulrunner-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 05a1c046a7a467c327d00106c429918bb3f53bb908336387134a1926c58179b4
i386
firefox-3.0.18-1.el5_4.i386.rpm SHA-256: faddceef1ba896b1bf73c866e2dd6bc3b36cf2e6e9188fced029591c2a55dbfc
xulrunner-1.9.0.18-1.el5_4.i386.rpm SHA-256: 4dac84443f201b582059e30845ac229f077ede1b32dae7a1aa8d3b39418fb2b9

Red Hat Enterprise Linux Desktop 4

SRPM
firefox-3.0.18-1.el4.src.rpm SHA-256: c6eedc6589cfb205f92808943444519866741ca698c03797003c874f821f4fd5
x86_64
firefox-3.0.18-1.el4.x86_64.rpm SHA-256: 225a004cad87d73f7ec5e8e0593e77293c71fad64126cd8916109bf57a0904dc
i386
firefox-3.0.18-1.el4.i386.rpm SHA-256: a03f739b46aacb64e8f730980b6a37fffb0ba2cd19499e772069babef55ef32c

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
firefox-3.0.18-1.el5_4.src.rpm SHA-256: 3fc57f47917f8af369c380379635f211fb573726bccf4c9b56a952918428e25c
xulrunner-1.9.0.18-1.el5_4.src.rpm SHA-256: 1019902fe09fb6d25108df90d2f8e150875bb5303305d441d394465663270637
s390x
firefox-3.0.18-1.el5_4.s390.rpm SHA-256: 842a283a9efeb13e0c5807d50e9501e58ac2495eda90a4e6b468de23299ec514
firefox-3.0.18-1.el5_4.s390x.rpm SHA-256: ccb35a7e90811ff8880797ee0fc9e3b192f0d928caac8402404d6845197a9a57
xulrunner-1.9.0.18-1.el5_4.s390.rpm SHA-256: f400dceead23c8c6e746022621b454ca916a44d4385d0930c1cb9da227ab7024
xulrunner-1.9.0.18-1.el5_4.s390x.rpm SHA-256: 034833e25e3e8324e549f198cfe7bb405662bd12a6ad5d66175d15cc624b4cae
xulrunner-devel-1.9.0.18-1.el5_4.s390.rpm SHA-256: 5c7582dcd5da463dd83c68401551f2fc0d5a7bd12786e06141176033627e4b7b
xulrunner-devel-1.9.0.18-1.el5_4.s390x.rpm SHA-256: 8b2447b5d9186f64a70d35416860e858f6828c17db036a01511f5d2511030511
xulrunner-devel-unstable-1.9.0.18-1.el5_4.s390x.rpm SHA-256: b24f5298e7aaf88e8a2c128152f2dfd7c405e70225f3d699bb60c445dddbc613

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
firefox-3.0.18-1.el4.src.rpm SHA-256: c6eedc6589cfb205f92808943444519866741ca698c03797003c874f821f4fd5
s390x
firefox-3.0.18-1.el4.s390x.rpm SHA-256: 0b16b461d9a905ed3536a4d9c4057c8b82e98f269424bcdd78c1f33ef57a9f62
s390
firefox-3.0.18-1.el4.s390.rpm SHA-256: ce3f51a92bfffb6ff1eaf9647bec3513f1e4633b600ba57c9d3d0298cfa36a25

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.4

SRPM
s390x

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
firefox-3.0.18-1.el4.src.rpm SHA-256: c6eedc6589cfb205f92808943444519866741ca698c03797003c874f821f4fd5
s390x
firefox-3.0.18-1.el4.s390x.rpm SHA-256: 0b16b461d9a905ed3536a4d9c4057c8b82e98f269424bcdd78c1f33ef57a9f62
s390
firefox-3.0.18-1.el4.s390.rpm SHA-256: ce3f51a92bfffb6ff1eaf9647bec3513f1e4633b600ba57c9d3d0298cfa36a25

Red Hat Enterprise Linux for Power, big endian 5

SRPM
firefox-3.0.18-1.el5_4.src.rpm SHA-256: 3fc57f47917f8af369c380379635f211fb573726bccf4c9b56a952918428e25c
xulrunner-1.9.0.18-1.el5_4.src.rpm SHA-256: 1019902fe09fb6d25108df90d2f8e150875bb5303305d441d394465663270637
ppc
firefox-3.0.18-1.el5_4.ppc.rpm SHA-256: 77e80a358e8e0c9f99db1c5a76b27c0639327d8dffe00f0ac19d40a657949158
xulrunner-1.9.0.18-1.el5_4.ppc.rpm SHA-256: 56f0fe74d11602d7ee23d3253cb20e7ef775054ec146c441dbe46d87b03421a0
xulrunner-1.9.0.18-1.el5_4.ppc64.rpm SHA-256: 1b9a47fa63ae6f1c2ffa14b504c5734d6a04f257d324ebaf0e72ae5ed828ec4e
xulrunner-devel-1.9.0.18-1.el5_4.ppc.rpm SHA-256: 7be7ccd91d8d4477fbc067a196f0b967880b73c6328f74bf067a7e2a34402fb0
xulrunner-devel-1.9.0.18-1.el5_4.ppc64.rpm SHA-256: 5b06c62cf6cfb708714f9e2123541a5a4f9638b240acf841ce98797e68db4878
xulrunner-devel-unstable-1.9.0.18-1.el5_4.ppc.rpm SHA-256: 4cb8cfbc5fe758c306acbe90c798db89253a20ac301a2ee0ab561bfe958bf91a

Red Hat Enterprise Linux for Power, big endian 4

SRPM
firefox-3.0.18-1.el4.src.rpm SHA-256: c6eedc6589cfb205f92808943444519866741ca698c03797003c874f821f4fd5
ppc
firefox-3.0.18-1.el4.ppc.rpm SHA-256: 9ea5e0b58b74563d4670aab1089a56624dab32651b12782675ab925af2dee5b3

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.4

SRPM
ppc

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
firefox-3.0.18-1.el4.src.rpm SHA-256: c6eedc6589cfb205f92808943444519866741ca698c03797003c874f821f4fd5
ppc
firefox-3.0.18-1.el4.ppc.rpm SHA-256: 9ea5e0b58b74563d4670aab1089a56624dab32651b12782675ab925af2dee5b3

Red Hat Enterprise Linux Server from RHUI 5

SRPM
firefox-3.0.18-1.el5_4.src.rpm SHA-256: 3fc57f47917f8af369c380379635f211fb573726bccf4c9b56a952918428e25c
xulrunner-1.9.0.18-1.el5_4.src.rpm SHA-256: 1019902fe09fb6d25108df90d2f8e150875bb5303305d441d394465663270637
x86_64
firefox-3.0.18-1.el5_4.i386.rpm SHA-256: faddceef1ba896b1bf73c866e2dd6bc3b36cf2e6e9188fced029591c2a55dbfc
firefox-3.0.18-1.el5_4.x86_64.rpm SHA-256: 8adf65b8fb9c29f5c3aac79d80c3049633d8f3d7ba695ef23e668d593672ca41
xulrunner-1.9.0.18-1.el5_4.i386.rpm SHA-256: 4dac84443f201b582059e30845ac229f077ede1b32dae7a1aa8d3b39418fb2b9
xulrunner-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 05a1c046a7a467c327d00106c429918bb3f53bb908336387134a1926c58179b4
xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm SHA-256: 64e7f9f53318e3af04c91c57fe2cf131b1892782b0481aeb4f4d66c958a80234
xulrunner-devel-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 53b3a07ce5b3eefe0ca9cb60060f9d795eaa5fadaf20fde83cc9310036081587
xulrunner-devel-unstable-1.9.0.18-1.el5_4.x86_64.rpm SHA-256: 06f888b001f4d28aad6c8addbffe341053e9e88675f0bcf3a5a2b4d1e43119d1
i386
firefox-3.0.18-1.el5_4.i386.rpm SHA-256: faddceef1ba896b1bf73c866e2dd6bc3b36cf2e6e9188fced029591c2a55dbfc
xulrunner-1.9.0.18-1.el5_4.i386.rpm SHA-256: 4dac84443f201b582059e30845ac229f077ede1b32dae7a1aa8d3b39418fb2b9
xulrunner-devel-1.9.0.18-1.el5_4.i386.rpm SHA-256: 64e7f9f53318e3af04c91c57fe2cf131b1892782b0481aeb4f4d66c958a80234
xulrunner-devel-unstable-1.9.0.18-1.el5_4.i386.rpm SHA-256: 37fd06f229264d551d531c8b02726414b0623aa1a42c4a2dff4812635afca452

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.