From Fedora Project Wiki

[SECURITY] Fedora 7 Update: firefox-2.0.0.4-1.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-0001
None
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 7
Version     : 2.0.0.4
Release     : 1.fc7
Summary     : Mozilla Firefox Web browser.
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

Updated firefox packages that fix several security bugs are now available for
Fedora 7 (Corrected).

This update has been rated as having critical security impact by the Fedora
Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript
code. A web page containing malicious JavaScript code could cause Firefox to crash
or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-2867, CVE-2007-2868)

A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious
FTP server could use this flaw to perform a rudimentary port-scan of machines behind
a user's firewall. (CVE-2007-1562)

Several denial of service flaws were found in the way Firefox handled certain form
and cookie data. A malicious web site that is able to set arbitrary form and cookie
data could prevent Firefox from functioning properly. (CVE-2007-1362, CVE-2007-2869)

A flaw was found in the way Firefox handled the addEventListener JavaScript method.
A malicious web site could use this method to access or modify sensitive data from
another web site. (CVE-2007-2870)

A flaw was found in the way Firefox displayed certain web content. A malicious web
page could generate content that would overlay user interface elements such as the
hostname and security indicators, tricking users into thinking they are visiting a
different site. (CVE-2007-2871)

Users of Firefox are advised to upgrade to these erratum packages, which contain
Firefox version 2.0.0.4 that corrects these issues.
--------------------------------------------------------------------------------
ChangeLog:

* Wed May 30 2007 Christopher Aillon <caillon redhat com> 2.0.0.4-1
- Final version
* Wed May 23 2007 Christopher Aillon <caillon redhat com> 2.0.0.4-0.rc3
- Update to 2.0.0.4 RC3
--------------------------------------------------------------------------------
References:

Bug #241840 - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=241840
CVE-2007-1362 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1362
CVE-2007-1562 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1562
CVE-2007-2867 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2867
CVE-2007-2868 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2868
CVE-2007-2869 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2869
CVE-2007-2870 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2870
CVE-2007-2871 - http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2871
--------------------------------------------------------------------------------
Updated packages:

18c29736efa5d1b4727e4cd202f5e0155e897a53 firefox-debuginfo-2.0.0.4-1.fc7.ppc64.rpm
bc29016cee75b9f7fc5b9cb07a1122c37021bd62 firefox-devel-2.0.0.4-1.fc7.ppc64.rpm
42aa46f5b3fbfd5ba298a404b8a7fba1246b8c20 firefox-2.0.0.4-1.fc7.ppc64.rpm
9f4cd34855dfca83f5b4125b6ea3ca396643732e firefox-debuginfo-2.0.0.4-1.fc7.i386.rpm
5fcf42599604c2fe48c575a07ecb78990ac96e25 firefox-2.0.0.4-1.fc7.i386.rpm
76ac8b455fa63a690544f43146f4f249afbfe5a4 firefox-devel-2.0.0.4-1.fc7.i386.rpm
6ac169395f65e5a17430b1c6a4a3a32dbd1aae91 firefox-2.0.0.4-1.fc7.x86_64.rpm
e83da4ee0c5f2ed01494f6169f3e4f8b4d1631c6 firefox-devel-2.0.0.4-1.fc7.x86_64.rpm
c06b4a2604549fad7af51b4c128d7835780c6273 firefox-debuginfo-2.0.0.4-1.fc7.x86_64.rpm
bc4610a1b5c90849b85ca5bed576eef1bf2b5530 firefox-debuginfo-2.0.0.4-1.fc7.ppc.rpm
94f0b1d0431054d16e7f67be994e26cdd48a2e0b firefox-2.0.0.4-1.fc7.ppc.rpm
edae97c5880043e1aad745594d5fdd2eb650666c firefox-devel-2.0.0.4-1.fc7.ppc.rpm
17f2bfe4b2792faa84f9e46d6e88e8e240eb342b firefox-2.0.0.4-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------
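A way to check downloaded packages against the "Updated packages" list above, which uses the layout `<SHA-1> <file name>`. This is an added example, not part of the advisory or of Fedora's tooling; the function name `verify_manifest` is hypothetical and GNU `sha1sum` is assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the advisory): check RPM files in a directory
# against a manifest in the advisory's layout: <40-hex SHA-1><space><name>.
# Assumes GNU coreutils sha1sum. verify_manifest is a hypothetical name.

# verify_manifest MANIFEST DIR
# Prints one status line per entry. Succeeds only if at least one listed
# file is present in DIR and every present file matches its listed SHA-1.
# Entries for files that are absent (other architectures) are skipped.
verify_manifest() (
    manifest=$1; dir=$2; rc=0; checked=0
    while read -r want name || [ -n "$want" ]; do
        [ -z "$want" ] && continue                 # blank line
        # The digest column must be exactly 40 lowercase hex digits.
        if ! printf '%s' "$want" | grep -Eq '^[0-9a-f]{40}$'; then
            echo "MALFORMED $want"; rc=1; continue
        fi
        # Refuse names with path components so an entry cannot point
        # outside DIR.
        case $name in
            ''|*/*) echo "BADNAME   $name"; rc=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "SKIPPED   $name"; continue
        fi
        checked=$((checked + 1))
        got=$(sha1sum < "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK        $name"
        else
            echo "MISMATCH  $name"; rc=1
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] || rc=1                   # nothing was verified
    exit "$rc"                                     # ends the function's subshell
)

# Stand-alone use: ./verify.sh manifest.txt /path/to/downloads
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```

A matching SHA-1 only shows that the file equals the one the list describes. The package's GPG signature (`rpm -K file.rpm`, or yum's gpgcheck) is the check that ties it to the Fedora signing key.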