FrSIRT - Fedora Security Update Fixes Mozilla Firefox Multiple Code Execution Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Mozilla Firefox Multiple Code Execution Vulnerabilities

Title : Fedora Security Update Fixes Mozilla Firefox Multiple Code Execution Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-2025
CVE ID : CVE-2007-1362 - CVE-2007-1562 - CVE-2007-2867 - CVE-2007-2868 - CVE-2007-2869 - CVE-2007-2870 - CVE-2007-2871
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-04

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to bypass security restrictions, disclose sensitive information, cause a denial of service or take complete control of an affected system [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

a83e5361e463ea25f96f4b084e670fe337a3ca97 SRPMS/firefox-1.5.0.12-1.fc5.src.rpm
a83e5361e463ea25f96f4b084e670fe337a3ca97 noarch/firefox-1.5.0.12-1.fc5.src.rpm
7b9fe30496f3867231c09d3762661dcb654ba7aa ppc/debug/firefox-debuginfo-1.5.0.12-1.fc5.ppc.rpm
7c16f90f7496ef7f1e8d25db6f8c34642bb7e950 ppc/firefox-1.5.0.12-1.fc5.ppc.rpm
b859e8dfd781d2cbe9c291b9ab884b851aadeae3 x86_64/debug/firefox-debuginfo-1.5.0.12-1.fc5.x86_64.rpm
dca05f5c9941dc93cc9d269f5101e6608f71cca7 x86_64/firefox-1.5.0.12-1.fc5.x86_64.rpm
39ca095c35a32b1a9f312945f28b53b8e87cd959 i386/firefox-1.5.0.12-1.fc5.i386.rpm
ad1190d8d8b26817e343073f834d1ba5dd8b21f7 i386/debug/firefox-debuginfo-1.5.0.12-1.fc5.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

f20bee9997965a6902a26caf0e3c9f18e96f482a SRPMS/firefox-1.5.0.12-1.fc6.src.rpm
f20bee9997965a6902a26caf0e3c9f18e96f482a noarch/firefox-1.5.0.12-1.fc6.src.rpm
a0e7febfb4264f5a0e2a475ac6cdb9371275cbd4 ppc/firefox-devel-1.5.0.12-1.fc6.ppc.rpm
a30ccee95490f6513e559d19994488db50933075 ppc/firefox-1.5.0.12-1.fc6.ppc.rpm
e90ca6294a76270b8b1b930ce51d894b67f949eb ppc/debug/firefox-debuginfo-1.5.0.12-1.fc6.ppc.rpm
5452ff82e9fbf62cad4ece460ef9415bd47728e0 x86_64/debug/firefox-debuginfo-1.5.0.12-1.fc6.x86_64.rpm
81fc5a70cc7f0591f7ec90eb0f8cf41cf03cfb4a x86_64/firefox-1.5.0.12-1.fc6.x86_64.rpm
1cce48d2a466f257411cdd421c855eb80fefcdfd x86_64/firefox-devel-1.5.0.12-1.fc6.x86_64.rpm
deff2b2abdac9925db3f0402075195322b884454 i386/firefox-1.5.0.12-1.fc6.i386.rpm
50f2730f492818d4fc34868710c1cb728cbd35ad i386/firefox-devel-1.5.0.12-1.fc6.i386.rpm
1abeeac266763742539dcd0a1582e62b97b86645 i386/debug/firefox-debuginfo-1.5.0.12-1.fc6.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/7/

18c29736efa5d1b4727e4cd202f5e0155e897a53 firefox-debuginfo-2.0.0.4-1.fc7.ppc64.rpm
bc29016cee75b9f7fc5b9cb07a1122c37021bd62 firefox-devel-2.0.0.4-1.fc7.ppc64.rpm
42aa46f5b3fbfd5ba298a404b8a7fba1246b8c20 firefox-2.0.0.4-1.fc7.ppc64.rpm
9f4cd34855dfca83f5b4125b6ea3ca396643732e firefox-debuginfo-2.0.0.4-1.fc7.i386.rpm
5fcf42599604c2fe48c575a07ecb78990ac96e25 firefox-2.0.0.4-1.fc7.i386.rpm
76ac8b455fa63a690544f43146f4f249afbfe5a4 firefox-devel-2.0.0.4-1.fc7.i386.rpm
6ac169395f65e5a17430b1c6a4a3a32dbd1aae91 firefox-2.0.0.4-1.fc7.x86_64.rpm
e83da4ee0c5f2ed01494f6169f3e4f8b4d1631c6 firefox-devel-2.0.0.4-1.fc7.x86_64.rpm
c06b4a2604549fad7af51b4c128d7835780c6273 firefox-debuginfo-2.0.0.4-1.fc7.x86_64.rpm
bc4610a1b5c90849b85ca5bed576eef1bf2b5530 firefox-debuginfo-2.0.0.4-1.fc7.ppc.rpm
94f0b1d0431054d16e7f67be994e26cdd48a2e0b firefox-2.0.0.4-1.fc7.ppc.rpm
edae97c5880043e1aad745594d5fdd2eb650666c firefox-devel-2.0.0.4-1.fc7.ppc.rpm
17f2bfe4b2792faa84f9e46d6e88e8e240eb342b firefox-2.0.0.4-1.fc7.src.rpm

ChangeLog

2007-06-04 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Safari Code Execution and Security Bypass Vulnerabilities
	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities

	Microsoft XML Core Services Multiple Remote Vulnerabilities (MS08-069)
	Microsoft Windows SMB Credential Reflection Vulnerability (MS08-068)
	Microsoft Windows Server Service Vulnerability (MS08-067)
	Microsoft Windows "afd.sys" Privilege Escalation Vulnerability (MS08-066)
	Microsoft Windows MSMQ Code Execution Vulnerability (MS08-065)
	Microsoft Windows VADs Privilege Escalation Vulnerability (MS08-064)
	Microsoft Windows SMB Code Execution Vulnerability (MS08-063)