Issued:: 2010-07-23
Updated:: 2010-07-23

RHSA-2010:0558 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated firefox packages that fix a security issue are now available
for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Mozilla Firefox is an open source web browser.

An invalid free flaw was found in Firefox's plugin handler. Malicious web
content could result in an invalid memory pointer being freed, causing Firefox
to crash or, potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2010-2755)

All Firefox users should upgrade to these updated packages, which contain a
backported patch that corrects this issue. After installing the update, Firefox
must be restarted for the changes to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

Red Hat Enterprise Linux Server 4 x86_64
Red Hat Enterprise Linux Server 4 ia64
Red Hat Enterprise Linux Server 4 i386
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 ia64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8 i386
Red Hat Enterprise Linux Workstation 4 x86_64
Red Hat Enterprise Linux Workstation 4 ia64
Red Hat Enterprise Linux Workstation 4 i386
Red Hat Enterprise Linux Desktop 4 x86_64
Red Hat Enterprise Linux Desktop 4 i386
Red Hat Enterprise Linux for IBM z Systems 4 s390x
Red Hat Enterprise Linux for IBM z Systems 4 s390
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
Red Hat Enterprise Linux for Power, big endian 4 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc

Fixes

BZ - 617657 - CVE-2010-2755 Mozilla arbitrary free flaw

CVEs

CVE-2010-2755

References

http://www.redhat.com/security/updates/classification/#critical

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 4

SRPM
firefox-3.6.7-3.el4.src.rpm	SHA-256: ecdf38e468ca26d4505c73ead7bc3873bc9fdf41b5e97c13b9781a641a92540f
x86_64
firefox-3.6.7-3.el4.x86_64.rpm	SHA-256: 94b82ae3e93d6f41b01d06f15360ddd57f273d1c2681e78b957dc3552a9e6e6f
firefox-3.6.7-3.el4.x86_64.rpm	SHA-256: 94b82ae3e93d6f41b01d06f15360ddd57f273d1c2681e78b957dc3552a9e6e6f
ia64
firefox-3.6.7-3.el4.ia64.rpm	SHA-256: d4bb936b454b7f8a6ca526f33052871fe8e2be39a2771cd84b269da9da3f183c
firefox-3.6.7-3.el4.ia64.rpm	SHA-256: d4bb936b454b7f8a6ca526f33052871fe8e2be39a2771cd84b269da9da3f183c
i386
firefox-3.6.7-3.el4.i386.rpm	SHA-256: 5628698d213a9c07541bcf327067356eabb2b01256eba49aab1904a8de09e515
firefox-3.6.7-3.el4.i386.rpm	SHA-256: 5628698d213a9c07541bcf327067356eabb2b01256eba49aab1904a8de09e515

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.8

SRPM
firefox-3.6.7-3.el4.src.rpm	SHA-256: ecdf38e468ca26d4505c73ead7bc3873bc9fdf41b5e97c13b9781a641a92540f
x86_64
firefox-3.6.7-3.el4.x86_64.rpm	SHA-256: 94b82ae3e93d6f41b01d06f15360ddd57f273d1c2681e78b957dc3552a9e6e6f
firefox-3.6.7-3.el4.x86_64.rpm	SHA-256: 94b82ae3e93d6f41b01d06f15360ddd57f273d1c2681e78b957dc3552a9e6e6f
ia64
firefox-3.6.7-3.el4.ia64.rpm	SHA-256: d4bb936b454b7f8a6ca526f33052871fe8e2be39a2771cd84b269da9da3f183c
firefox-3.6.7-3.el4.ia64.rpm	SHA-256: d4bb936b454b7f8a6ca526f33052871fe8e2be39a2771cd84b269da9da3f183c
i386
firefox-3.6.7-3.el4.i386.rpm	SHA-256: 5628698d213a9c07541bcf327067356eabb2b01256eba49aab1904a8de09e515
firefox-3.6.7-3.el4.i386.rpm	SHA-256: 5628698d213a9c07541bcf327067356eabb2b01256eba49aab1904a8de09e515

Red Hat Enterprise Linux Workstation 4

SRPM
firefox-3.6.7-3.el4.src.rpm	SHA-256: ecdf38e468ca26d4505c73ead7bc3873bc9fdf41b5e97c13b9781a641a92540f
x86_64
firefox-3.6.7-3.el4.x86_64.rpm	SHA-256: 94b82ae3e93d6f41b01d06f15360ddd57f273d1c2681e78b957dc3552a9e6e6f
ia64
firefox-3.6.7-3.el4.ia64.rpm	SHA-256: d4bb936b454b7f8a6ca526f33052871fe8e2be39a2771cd84b269da9da3f183c
i386
firefox-3.6.7-3.el4.i386.rpm	SHA-256: 5628698d213a9c07541bcf327067356eabb2b01256eba49aab1904a8de09e515

Red Hat Enterprise Linux Desktop 4

SRPM
firefox-3.6.7-3.el4.src.rpm	SHA-256: ecdf38e468ca26d4505c73ead7bc3873bc9fdf41b5e97c13b9781a641a92540f
x86_64
firefox-3.6.7-3.el4.x86_64.rpm	SHA-256: 94b82ae3e93d6f41b01d06f15360ddd57f273d1c2681e78b957dc3552a9e6e6f
i386
firefox-3.6.7-3.el4.i386.rpm	SHA-256: 5628698d213a9c07541bcf327067356eabb2b01256eba49aab1904a8de09e515

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
firefox-3.6.7-3.el4.src.rpm	SHA-256: ecdf38e468ca26d4505c73ead7bc3873bc9fdf41b5e97c13b9781a641a92540f
s390x
firefox-3.6.7-3.el4.s390x.rpm	SHA-256: 10591a965138292ac65a722825ea6b0260f592a67ec56b6a2b726e753df6824c
s390
firefox-3.6.7-3.el4.s390.rpm	SHA-256: 7cc4cfd36c57e58b4dc083debc247c824aaf136ab545f9bcbcdb62d1f890bb29

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8

SRPM
firefox-3.6.7-3.el4.src.rpm	SHA-256: ecdf38e468ca26d4505c73ead7bc3873bc9fdf41b5e97c13b9781a641a92540f
s390x
firefox-3.6.7-3.el4.s390x.rpm	SHA-256: 10591a965138292ac65a722825ea6b0260f592a67ec56b6a2b726e753df6824c
s390
firefox-3.6.7-3.el4.s390.rpm	SHA-256: 7cc4cfd36c57e58b4dc083debc247c824aaf136ab545f9bcbcdb62d1f890bb29

Red Hat Enterprise Linux for Power, big endian 4

SRPM
firefox-3.6.7-3.el4.src.rpm	SHA-256: ecdf38e468ca26d4505c73ead7bc3873bc9fdf41b5e97c13b9781a641a92540f
ppc
firefox-3.6.7-3.el4.ppc.rpm	SHA-256: eb5900ba31db62efb2b4e70f23076555c0f041048d0bf53166c29d6effce2ee1

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8

SRPM
firefox-3.6.7-3.el4.src.rpm	SHA-256: ecdf38e468ca26d4505c73ead7bc3873bc9fdf41b5e97c13b9781a641a92540f
ppc
firefox-3.6.7-3.el4.ppc.rpm	SHA-256: eb5900ba31db62efb2b4e70f23076555c0f041048d0bf53166c29d6effce2ee1

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation