First published: Tue Jul 20 2010
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212, CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)

A memory corruption flaw was found in the way Firefox decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opened, could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2010-1205)

Several same-origin policy bypass flaws were found in Firefox. An attacker could create a malicious web page that, when viewed by a victim, could steal private data from a different website the victim has loaded with Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)

A flaw was found in the way Firefox presented the location bar to a user. A malicious website could trick a user into thinking they are visiting the site reported by the location bar, when the page is actually content controlled by an attacker. (CVE-2010-1206)

A flaw was found in the way Firefox displayed the location bar when visiting a secure web page. A malicious server could use this flaw to present data that appears to originate from a secure server, even though it does not. (CVE-2010-2751)

A flaw was found in the way Firefox displayed certain malformed characters. A malicious web page could use this flaw to bypass certain string sanitization methods, allowing it to display malicious information to users. (CVE-2010-1210)

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.7, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/firefox | <3.6.7-2.el5 | 3.6.7-2.el5 |
redhat/xulrunner | <1.9.2.7-2.el5 | 1.9.2.7-2.el5 |
redhat/xulrunner-devel | <1.9.2.7-2.el5 | 1.9.2.7-2.el5 |
redhat/firefox | <3.6.7-2.el4 | 3.6.7-2.el4 |
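
To check a host inventory against the fixed versions in the table above, the following added example (not part of the original advisory) flags packages still below their fix. It assumes input lines in `name version-release` form, ignores epochs, and uses a simplified version comparison rather than RPM's own routine; the sample inventory is constructed.

```python
import re

# Fixed versions copied from the table above, keyed by (package, dist tag).
FIXED = {
    ("firefox", "el5"): "3.6.7-2.el5",
    ("xulrunner", "el5"): "1.9.2.7-2.el5",
    ("xulrunner-devel", "el5"): "1.9.2.7-2.el5",
    ("firefox", "el4"): "3.6.7-2.el4",
}

def vercmp(a, b):
    """Simplified RPM-style compare (assumption: no epoch, '~' or '^'). Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)  # runs of digits or letters; separators dropped
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 10 > 7
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment outranks an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, release as tie-breaker."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return vercmp(va, vb) or vercmp(ra, rb)

def audit(installed):
    """Return (name, installed, fixed) for every listed package still below its fix."""
    findings = []
    for line in installed:
        name, evr = line.split()
        dist = re.search(r"el\d+", evr)      # pick the table row for this release
        fixed = FIXED.get((name, dist.group())) if dist else None
        if fixed and evr_cmp(evr, fixed) < 0:
            findings.append((name, evr, fixed))
    return findings

# Constructed sample inventory (not real host data).
SAMPLE = ["firefox 3.6.4-8.el5", "xulrunner 1.9.2.7-2.el5",
          "xulrunner-devel 1.9.2.4-9.el5", "firefox 3.6.7-2.el4", "bash 3.2-24.el5"]

if __name__ == "__main__":
    for name, have, need in audit(SAMPLE):
        print(f"{name}: {have} is below the fix, upgrade to {need}")
```

Input in this form can be produced on an RPM-based host with `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'`.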