Synopsis

Critical: firefox security update

Type/Severity

Security Advisory: Critical

Topic

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 4 and 5.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Description

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-3169, CVE-2010-2762)

Several use-after-free and dangling pointer flaws were found in Firefox. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2010-2760, CVE-2010-2766, CVE-2010-2767, CVE-2010-3167,
CVE-2010-3168)

Multiple buffer overflow flaws were found in Firefox. A web page containing
malicious content could cause Firefox to crash or, potentially, execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2010-2765, CVE-2010-3166)

Multiple cross-site scripting (XSS) flaws were found in Firefox. A web page
containing malicious content could cause Firefox to run JavaScript code
with the permissions of a different website. (CVE-2010-2768, CVE-2010-2769)

A flaw was found in the Firefox XMLHttpRequest object. A remote site could
use this flaw to gather information about servers on an internal private
network. (CVE-2010-2764)

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 3.6.9. You can find a link to the Mozilla advisories
in the References section of this erratum.

Note: After installing this update, Firefox will fail to connect (with
HTTPS) to a server using the SSL DHE (Diffie-Hellman Ephemeral) key
exchange if the server's ephemeral key is too small. Connecting to such
servers is a security risk as an ephemeral key that is too small makes the
SSL connection vulnerable to attack. Refer to the Solution section for
further information.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 3.6.9, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

If you encounter the condition where Firefox fails to connect to a
server that has an ephemeral key that is too small, you can try
connecting using a cipher suite with a different key exchange algorithm
by disabling all DHE cipher suites in Firefox:

1) Type about:config in the URL bar and press the Enter key.
2) In the Filter search bar, type ssl3.dhe
3) For all preferences now presented, double-click the true value to
change the value to false.

Note: This change would affect connections to all HTTPS servers.

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Server 4 x86_64
• Red Hat Enterprise Linux Server 4 ia64
• Red Hat Enterprise Linux Server 4 i386
• Red Hat Enterprise Linux Server - Extended Update Support 4.8 x86_64
• Red Hat Enterprise Linux Server - Extended Update Support 4.8 ia64
• Red Hat Enterprise Linux Server - Extended Update Support 4.8 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Workstation 4 x86_64
• Red Hat Enterprise Linux Workstation 4 ia64
• Red Hat Enterprise Linux Workstation 4 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux Desktop 4 x86_64
• Red Hat Enterprise Linux Desktop 4 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390x
• Red Hat Enterprise Linux for IBM z Systems 4 s390
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390x
• Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.8 s390
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux for Power, big endian 4 ppc
• Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.8 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 630055 - CVE-2010-3169 Mozilla Miscellaneous memory safety hazards
• BZ - 630056 - CVE-2010-2765 Mozilla Frameset integer overflow vulnerability (MFSA 2010-50)
• BZ - 630059 - CVE-2010-2767 Mozilla Dangling pointer vulnerability using DOM plugin array (MFSA 2010-51)
• BZ - 630061 - CVE-2010-3166 Mozilla Heap buffer overflow in nsTextFrameUtils::TransformText (MFSA 2010-53)
• BZ - 630062 - CVE-2010-2760 Mozilla Dangling pointer vulnerability in nsTreeSelection (MFSA 2010-54)
• BZ - 630064 - CVE-2010-3168 Mozilla XUL tree removal crash and remote code execution (MFSA 2010-55)
• BZ - 630067 - CVE-2010-3167 Mozilla Dangling pointer vulnerability in nsTreeContentView (MFSA 2010-56)
• BZ - 630069 - CVE-2010-2766 Mozilla Crash and remote code execution in normalizeDocument (MFSA 2010-57)
• BZ - 630071 - CVE-2010-2762 Mozilla SJOW creates scope chains ending in outer object (MFSA 2010-59)
• BZ - 630074 - CVE-2010-2768 Mozilla UTF-7 XSS by overriding document charset using <object> type attribute (MFSA 2010-61)
• BZ - 630075 - CVE-2010-2769 Mozilla Copy-and-paste or drag-and-drop into designMode document allows XSS (MFSA 2010-62)
• BZ - 630078 - CVE-2010-2764 Mozilla Information leak via XMLHttpRequest statusText (MFSA 2010-63)

CVEs

• CVE-2010-3168
• CVE-2010-3169
• CVE-2010-3167
• CVE-2010-2768
• CVE-2010-2760
• CVE-2010-2767
• CVE-2010-2765
• CVE-2010-3166
• CVE-2010-2769
• CVE-2010-2762
• CVE-2010-2766
• CVE-2010-2764

References

• http://www.redhat.com/security/updates/classification/#critical
• http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.9

Red Hat Enterprise Linux Server 5

SRPM
x86_64
firefox-3.6.9-2.el5.i386.rpm	SHA-256: 3679cadafb8427803ead299860e6a627a9dcccaedae7d1626ea005da678d0c52
firefox-3.6.9-2.el5.x86_64.rpm	SHA-256: 245f91353a3405a50c0db6bb8e1c0f1bdd33cdc587897f98cf973b1b17560d09
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nspr-4.8.6-1.el5.x86_64.rpm	SHA-256: ba21b26cf9fd75fec1d6d181d92665ef4588cc4eed358d8ff010991195c09fba
nspr-devel-4.8.6-1.el5.i386.rpm	SHA-256: 6e019e7979e406c2d2ef1a5349d0266e9160de3baf2f7935d8c70897b5edaeb5
nspr-devel-4.8.6-1.el5.x86_64.rpm	SHA-256: 6e8b6214846f0b1eef6b6c211ab40883b171708aa717f4b11091812978bc6b8b
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
nss-3.12.7-2.el5.x86_64.rpm	SHA-256: 0ba0df590688ef30e2767154fb223b6a9492c7c15378514f95f51bfe1a74adbd
nss-devel-3.12.7-2.el5.i386.rpm	SHA-256: 86af49dae0836007bb27ff17a918c88c3f24bc48866d2875bc55e0b7ef8e27f7
nss-devel-3.12.7-2.el5.x86_64.rpm	SHA-256: 2de92cbc3cf3c802fcd5c9fb41abae46c1af13f58db4667c49d192cfb32447ac
nss-pkcs11-devel-3.12.7-2.el5.i386.rpm	SHA-256: 40655b8203a8fc1b4e0f0a481291d34c0908e0577110f891e61ef3196acd88f5
nss-pkcs11-devel-3.12.7-2.el5.x86_64.rpm	SHA-256: 6e86270e4fb132111550a13d5e47a3c52f6118b44c5dd147df403f221f6eceed
nss-tools-3.12.7-2.el5.x86_64.rpm	SHA-256: ea7372e87c743123efa93117188ed7e595483a21a2184b8a65ad23600b6deed0
xulrunner-1.9.2.9-1.el5.i386.rpm	SHA-256: 00445f38bff126dd07f20c075611c8d0046a40f6ac3b2d30b4b7a916bdcbae60
xulrunner-1.9.2.9-1.el5.x86_64.rpm	SHA-256: 41bce2e6eaf8fbc3760c6ce25303915d4bbe04b5fefd1d2d80e377611dbd9fef
xulrunner-devel-1.9.2.9-1.el5.i386.rpm	SHA-256: fb6ff9c132a030f983c5d962a810a7d7d3205df83919e20f6c428b73adcfa398
xulrunner-devel-1.9.2.9-1.el5.x86_64.rpm	SHA-256: ec01b8cbce4ef51bc395f680f1dc4efee6be536f9ad7387c8edc1240d7f6e4d6
ia64
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
i386
firefox-3.6.9-2.el5.i386.rpm	SHA-256: 3679cadafb8427803ead299860e6a627a9dcccaedae7d1626ea005da678d0c52
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nspr-devel-4.8.6-1.el5.i386.rpm	SHA-256: 6e019e7979e406c2d2ef1a5349d0266e9160de3baf2f7935d8c70897b5edaeb5
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
nss-devel-3.12.7-2.el5.i386.rpm	SHA-256: 86af49dae0836007bb27ff17a918c88c3f24bc48866d2875bc55e0b7ef8e27f7
nss-pkcs11-devel-3.12.7-2.el5.i386.rpm	SHA-256: 40655b8203a8fc1b4e0f0a481291d34c0908e0577110f891e61ef3196acd88f5
xulrunner-1.9.2.9-1.el5.i386.rpm	SHA-256: 00445f38bff126dd07f20c075611c8d0046a40f6ac3b2d30b4b7a916bdcbae60
xulrunner-devel-1.9.2.9-1.el5.i386.rpm	SHA-256: fb6ff9c132a030f983c5d962a810a7d7d3205df83919e20f6c428b73adcfa398

Red Hat Enterprise Linux Workstation 5

SRPM
x86_64
firefox-3.6.9-2.el5.i386.rpm	SHA-256: 3679cadafb8427803ead299860e6a627a9dcccaedae7d1626ea005da678d0c52
firefox-3.6.9-2.el5.x86_64.rpm	SHA-256: 245f91353a3405a50c0db6bb8e1c0f1bdd33cdc587897f98cf973b1b17560d09
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nspr-4.8.6-1.el5.x86_64.rpm	SHA-256: ba21b26cf9fd75fec1d6d181d92665ef4588cc4eed358d8ff010991195c09fba
nspr-devel-4.8.6-1.el5.i386.rpm	SHA-256: 6e019e7979e406c2d2ef1a5349d0266e9160de3baf2f7935d8c70897b5edaeb5
nspr-devel-4.8.6-1.el5.x86_64.rpm	SHA-256: 6e8b6214846f0b1eef6b6c211ab40883b171708aa717f4b11091812978bc6b8b
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
nss-3.12.7-2.el5.x86_64.rpm	SHA-256: 0ba0df590688ef30e2767154fb223b6a9492c7c15378514f95f51bfe1a74adbd
nss-devel-3.12.7-2.el5.i386.rpm	SHA-256: 86af49dae0836007bb27ff17a918c88c3f24bc48866d2875bc55e0b7ef8e27f7
nss-devel-3.12.7-2.el5.x86_64.rpm	SHA-256: 2de92cbc3cf3c802fcd5c9fb41abae46c1af13f58db4667c49d192cfb32447ac
nss-pkcs11-devel-3.12.7-2.el5.i386.rpm	SHA-256: 40655b8203a8fc1b4e0f0a481291d34c0908e0577110f891e61ef3196acd88f5
nss-pkcs11-devel-3.12.7-2.el5.x86_64.rpm	SHA-256: 6e86270e4fb132111550a13d5e47a3c52f6118b44c5dd147df403f221f6eceed
nss-tools-3.12.7-2.el5.x86_64.rpm	SHA-256: ea7372e87c743123efa93117188ed7e595483a21a2184b8a65ad23600b6deed0
xulrunner-1.9.2.9-1.el5.i386.rpm	SHA-256: 00445f38bff126dd07f20c075611c8d0046a40f6ac3b2d30b4b7a916bdcbae60
xulrunner-1.9.2.9-1.el5.x86_64.rpm	SHA-256: 41bce2e6eaf8fbc3760c6ce25303915d4bbe04b5fefd1d2d80e377611dbd9fef
xulrunner-devel-1.9.2.9-1.el5.i386.rpm	SHA-256: fb6ff9c132a030f983c5d962a810a7d7d3205df83919e20f6c428b73adcfa398
xulrunner-devel-1.9.2.9-1.el5.x86_64.rpm	SHA-256: ec01b8cbce4ef51bc395f680f1dc4efee6be536f9ad7387c8edc1240d7f6e4d6
i386
firefox-3.6.9-2.el5.i386.rpm	SHA-256: 3679cadafb8427803ead299860e6a627a9dcccaedae7d1626ea005da678d0c52
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nspr-devel-4.8.6-1.el5.i386.rpm	SHA-256: 6e019e7979e406c2d2ef1a5349d0266e9160de3baf2f7935d8c70897b5edaeb5
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
nss-devel-3.12.7-2.el5.i386.rpm	SHA-256: 86af49dae0836007bb27ff17a918c88c3f24bc48866d2875bc55e0b7ef8e27f7
nss-pkcs11-devel-3.12.7-2.el5.i386.rpm	SHA-256: 40655b8203a8fc1b4e0f0a481291d34c0908e0577110f891e61ef3196acd88f5
xulrunner-1.9.2.9-1.el5.i386.rpm	SHA-256: 00445f38bff126dd07f20c075611c8d0046a40f6ac3b2d30b4b7a916bdcbae60
xulrunner-devel-1.9.2.9-1.el5.i386.rpm	SHA-256: fb6ff9c132a030f983c5d962a810a7d7d3205df83919e20f6c428b73adcfa398

Red Hat Enterprise Linux Desktop 5

SRPM
x86_64
firefox-3.6.9-2.el5.i386.rpm	SHA-256: 3679cadafb8427803ead299860e6a627a9dcccaedae7d1626ea005da678d0c52
firefox-3.6.9-2.el5.x86_64.rpm	SHA-256: 245f91353a3405a50c0db6bb8e1c0f1bdd33cdc587897f98cf973b1b17560d09
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nspr-4.8.6-1.el5.x86_64.rpm	SHA-256: ba21b26cf9fd75fec1d6d181d92665ef4588cc4eed358d8ff010991195c09fba
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
nss-3.12.7-2.el5.x86_64.rpm	SHA-256: 0ba0df590688ef30e2767154fb223b6a9492c7c15378514f95f51bfe1a74adbd
nss-tools-3.12.7-2.el5.x86_64.rpm	SHA-256: ea7372e87c743123efa93117188ed7e595483a21a2184b8a65ad23600b6deed0
xulrunner-1.9.2.9-1.el5.i386.rpm	SHA-256: 00445f38bff126dd07f20c075611c8d0046a40f6ac3b2d30b4b7a916bdcbae60
xulrunner-1.9.2.9-1.el5.x86_64.rpm	SHA-256: 41bce2e6eaf8fbc3760c6ce25303915d4bbe04b5fefd1d2d80e377611dbd9fef
i386
firefox-3.6.9-2.el5.i386.rpm	SHA-256: 3679cadafb8427803ead299860e6a627a9dcccaedae7d1626ea005da678d0c52
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
xulrunner-1.9.2.9-1.el5.i386.rpm	SHA-256: 00445f38bff126dd07f20c075611c8d0046a40f6ac3b2d30b4b7a916bdcbae60

Red Hat Enterprise Linux Server from RHUI 5

SRPM
x86_64
firefox-3.6.9-2.el5.i386.rpm	SHA-256: 3679cadafb8427803ead299860e6a627a9dcccaedae7d1626ea005da678d0c52
firefox-3.6.9-2.el5.x86_64.rpm	SHA-256: 245f91353a3405a50c0db6bb8e1c0f1bdd33cdc587897f98cf973b1b17560d09
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nspr-4.8.6-1.el5.x86_64.rpm	SHA-256: ba21b26cf9fd75fec1d6d181d92665ef4588cc4eed358d8ff010991195c09fba
nspr-devel-4.8.6-1.el5.i386.rpm	SHA-256: 6e019e7979e406c2d2ef1a5349d0266e9160de3baf2f7935d8c70897b5edaeb5
nspr-devel-4.8.6-1.el5.x86_64.rpm	SHA-256: 6e8b6214846f0b1eef6b6c211ab40883b171708aa717f4b11091812978bc6b8b
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
nss-3.12.7-2.el5.x86_64.rpm	SHA-256: 0ba0df590688ef30e2767154fb223b6a9492c7c15378514f95f51bfe1a74adbd
nss-devel-3.12.7-2.el5.i386.rpm	SHA-256: 86af49dae0836007bb27ff17a918c88c3f24bc48866d2875bc55e0b7ef8e27f7
nss-devel-3.12.7-2.el5.x86_64.rpm	SHA-256: 2de92cbc3cf3c802fcd5c9fb41abae46c1af13f58db4667c49d192cfb32447ac
nss-pkcs11-devel-3.12.7-2.el5.i386.rpm	SHA-256: 40655b8203a8fc1b4e0f0a481291d34c0908e0577110f891e61ef3196acd88f5
nss-pkcs11-devel-3.12.7-2.el5.x86_64.rpm	SHA-256: 6e86270e4fb132111550a13d5e47a3c52f6118b44c5dd147df403f221f6eceed
nss-tools-3.12.7-2.el5.x86_64.rpm	SHA-256: ea7372e87c743123efa93117188ed7e595483a21a2184b8a65ad23600b6deed0
xulrunner-1.9.2.9-1.el5.i386.rpm	SHA-256: 00445f38bff126dd07f20c075611c8d0046a40f6ac3b2d30b4b7a916bdcbae60
xulrunner-1.9.2.9-1.el5.x86_64.rpm	SHA-256: 41bce2e6eaf8fbc3760c6ce25303915d4bbe04b5fefd1d2d80e377611dbd9fef
xulrunner-devel-1.9.2.9-1.el5.i386.rpm	SHA-256: fb6ff9c132a030f983c5d962a810a7d7d3205df83919e20f6c428b73adcfa398
xulrunner-devel-1.9.2.9-1.el5.x86_64.rpm	SHA-256: ec01b8cbce4ef51bc395f680f1dc4efee6be536f9ad7387c8edc1240d7f6e4d6
i386
firefox-3.6.9-2.el5.i386.rpm	SHA-256: 3679cadafb8427803ead299860e6a627a9dcccaedae7d1626ea005da678d0c52
nspr-4.8.6-1.el5.i386.rpm	SHA-256: 44c9d7e4b8bb64e0d1ee50f405368497adef5aa99c2b079fd3c85b70ed3dc5d1
nspr-devel-4.8.6-1.el5.i386.rpm	SHA-256: 6e019e7979e406c2d2ef1a5349d0266e9160de3baf2f7935d8c70897b5edaeb5
nss-3.12.7-2.el5.i386.rpm	SHA-256: f53e4fdb489e2e422ac2bc40e43152d72cc2130c74aa50145f3967a3d4b91773
nss-devel-3.12.7-2.el5.i386.rpm	SHA-256: 86af49dae0836007bb27ff17a918c88c3f24bc48866d2875bc55e0b7ef8e27f7
nss-pkcs11-devel-3.12.7-2.el5.i386.rpm	SHA-256: 40655b8203a8fc1b4e0f0a481291d34c0908e0577110f891e61ef3196acd88f5
xulrunner-1.9.2.9-1.el5.i386.rpm	SHA-256: 00445f38bff126dd07f20c075611c8d0046a40f6ac3b2d30b4b7a916bdcbae60
xulrunner-devel-1.9.2.9-1.el5.i386.rpm	SHA-256: fb6ff9c132a030f983c5d962a810a7d7d3205df83919e20f6c428b73adcfa398