- Vulnerability/
- RHSA-2010:0547
RHSA-2010:0547: Critical: firefox security update
First published: Tue Jul 20 2010(Updated: )
Mozilla Firefox is an open source web browser. XULRunner provides the XUL<br>Runtime environment for Mozilla Firefox.<br>Several flaws were found in the processing of malformed web content. A web<br>page containing malicious content could cause Firefox to crash or,<br>potentially, execute arbitrary code with the privileges of the user running<br>Firefox. (CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212,<br>CVE-2010-1214, CVE-2010-1215, CVE-2010-2752, CVE-2010-2753)<br>A memory corruption flaw was found in the way Firefox decoded certain PNG<br>images. An attacker could create a specially-crafted PNG image that, when<br>opened, could cause Firefox to crash or, potentially, execute arbitrary<br>code with the privileges of the user running Firefox. (CVE-2010-1205)<br>Several same-origin policy bypass flaws were found in Firefox. An attacker<br>could create a malicious web page that, when viewed by a victim, could<br>steal private data from a different website the victim has loaded with<br>Firefox. (CVE-2010-0654, CVE-2010-1207, CVE-2010-1213, CVE-2010-2754)<br>A flaw was found in the way Firefox presented the location bar to a user. A<br>malicious website could trick a user into thinking they are visiting the<br>site reported by the location bar, when the page is actually content<br>controlled by an attacker. (CVE-2010-1206)<br>A flaw was found in the way Firefox displayed the location bar when<br>visiting a secure web page. A malicious server could use this flaw to<br>present data that appears to originate from a secure server, even though it<br>does not. (CVE-2010-2751)<br>A flaw was found in the way Firefox displayed certain malformed characters.<br>A malicious web page could use this flaw to bypass certain string<br>sanitization methods, allowing it to display malicious information to<br>users. (CVE-2010-1210)<br>For technical details regarding these flaws, refer to the Mozilla security<br>advisories for Firefox 3.6.7. You can find a link to the Mozilla advisories<br>in the References section of this erratum.<br>All Firefox users should upgrade to these updated packages, which contain<br>Firefox version 3.6.7, which corrects these issues. After installing the<br>update, Firefox must be restarted for the changes to take effect.<br>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/firefox | <3.6.7-2.el5 | 3.6.7-2.el5 |
| redhat/xulrunner | <1.9.2.7-2.el5 | 1.9.2.7-2.el5 |
| redhat/firefox | <3.6.7-2.el5 | 3.6.7-2.el5 |
| redhat/xulrunner | <1.9.2.7-2.el5 | 1.9.2.7-2.el5 |
| redhat/xulrunner-devel | <1.9.2.7-2.el5 | 1.9.2.7-2.el5 |
| redhat/xulrunner-devel | <1.9.2.7-2.el5 | 1.9.2.7-2.el5 |
| redhat/firefox | <3.6.7-2.el4 | 3.6.7-2.el4 |
| redhat/firefox | <3.6.7-2.el4 | 3.6.7-2.el4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=568231
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=608238
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=608763
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615455
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615456
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615458
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615459
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615462
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615463
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615464
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615466
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615471
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615472
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615474
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615480
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=615488
- http://www.redhat.com/security/updates/classification/#critical
- http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.7
- https://access.redhat.com/errata/RHSA-2010:0547 (Advisory)
Frequently Asked Questions
What is the severity of RHSA-2010:0547?
RHSA-2010:0547 is categorized as a moderate severity vulnerability due to the potential for crashes and exploitation through malformed web content.
How do I fix RHSA-2010:0547?
To fix RHSA-2010:0547, update Mozilla Firefox or XULRunner to the patched version specified in the advisory.
Which software versions are impacted by RHSA-2010:0547?
The impacted versions for RHSA-2010:0547 include Firefox versions up to 3.6.7-2.el5 and XULRunner versions up to 1.9.2.7-2.el5.
What types of issues does RHSA-2010:0547 address?
RHSA-2010:0547 addresses multiple flaws in handling malformed web content that can lead to application crashes.
Is there a need to restart the system after applying the RHSA-2010:0547 update?
A system restart is not typically required after applying the RHSA-2010:0547 update, but restarting the affected applications is recommended.
- agent/severity
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-errata
- source/Red Hat
- anchor-id/RHSA-2010:0547
- agent/software-canonical-lookup
- agent/event
- agent/remedy
- agent/title
- agent/references
- agent/description
- agent/trending
- agent/tags
- agent/source
- package-manager/redhat