RHSA-2009:1674: Critical security update
57
Several flaws were found in the processing of malformed web content. A web page containing
malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox. (
CVE-2010-0159
356
,
CVE-2010-0160
357
)
Two flaws were found in the way certain content was processed. An attacker could use these flaws
to create a malicious web page that could bypass the same-origin policy, or possibly run untrusted
JavaScript. (
CVE-2009-3988
358
,
CVE-2010-0162
359
)
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.0.18.
You can find a link to the Mozilla advisories in the References section of this errata.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.18,
which corrects these issues. After installing the update, Firefox must be restarted for the changes to
take effect.
1.54.2. RHSA-2009:1674: Critical security update
Important
This update has already been released (prior to the GA of this release) as the security
errata
RHSA-2009:1674
360
Updated firefox packages that fix several security issues are now available for Red Hat Enterprise
Linux 4 and 5.
This update has been rated as having critical security impact by the Red Hat Security Response
Team.
Mozilla Firefox is an open source Web browser. XULRunner provides the XUL Runtime environment
for Mozilla Firefox.
Several flaws were found in the processing of malformed web content. A web page containing
malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges
of the user running Firefox. (
CVE-2009-3979
361
,
CVE-2009-3981
362
,
CVE-2009-3986
363
)
A flaw was found in the Firefox NT Lan Manager (NTLM) authentication protocol implementation. If
an attacker could trick a local user that has NTLM credentials into visiting a specially-crafted web
page, they could send arbitrary requests, authenticated with the user's NTLM credentials, to other
applications on the user's system. (
CVE-2009-3983
364
)
A flaw was found in the way Firefox displayed the SSL location bar indicator. An attacker could create
an unencrypted web page that appears to be encrypted, possibly tricking the user into believing they
are visiting a secure page. (
CVE-2009-3984
365
)
356
https://www.redhat.com/security/data/cve/CVE-2010-0159.html
357
https://www.redhat.com/security/data/cve/CVE-2010-0160.html
358
https://www.redhat.com/security/data/cve/CVE-2009-3988.html
359
https://www.redhat.com/security/data/cve/CVE-2010-0162.html
361
https://www.redhat.com/security/data/cve/CVE-2009-3979.html
362
https://www.redhat.com/security/data/cve/CVE-2009-3981.html
363
https://www.redhat.com/security/data/cve/CVE-2009-3986.html
364
https://www.redhat.com/security/data/cve/CVE-2009-3983.html
365
https://www.redhat.com/security/data/cve/CVE-2009-3984.html
Содержание ENTERPRISE LINUX 5.5 - S 2010
Страница 10: ...x ...
Страница 308: ...298 ...
Страница 310: ...300 ...
Страница 468: ...458 ...
Страница 470: ...460 ...