FrSIRT - Fedora Security Update Fixes Mozilla Firefox Multiple Vulnerabilities / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Mozilla Firefox Multiple Vulnerabilities

Title : Fedora Security Update Fixes Mozilla Firefox Multiple Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-4077
CVE ID : CVE-2007-5947 - CVE-2007-5959 - CVE-2007-5960
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-12-04

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Multiple vulnerabilities have been identified in Fedora, which could be exploited by attackers to bypass security restrictions, cause a denial of service or compromise an affected system [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

21acdc500393fa89ac842b73ca03e868f91f7ebf SRPMS/firefox-1.5.0.12-7.fc6.src.rpm
21acdc500393fa89ac842b73ca03e868f91f7ebf noarch/firefox-1.5.0.12-7.fc6.src.rpm
110485359839ac5c88ac8746d90d500f52c86f36 ppc/firefox-devel-1.5.0.12-7.fc6.ppc.rpm
25714f423b1edfde6bb3011f998fccf989f1f02e ppc/debug/firefox-debuginfo-1.5.0.12-7.fc6.ppc.rpm
e40822b009bb9d3807930d70f09e8db1d10a56e3 ppc/firefox-1.5.0.12-7.fc6.ppc.rpm
7b7a0e72648f74c3e4b355087fe24f6395bd9eff x86_64/firefox-1.5.0.12-7.fc6.x86_64.rpm
d7abe306f7b17fdf2614f3d32e1982bdc8b58ea5 x86_64/firefox-devel-1.5.0.12-7.fc6.x86_64.rpm
b19b21045af141d4bb0dd72470c177d190eebb6b x86_64/debug/firefox-debuginfo-1.5.0.12-7.fc6.x86_64.rpm
840f0704883ab3156808267ec79f189a49ea500d i386/firefox-1.5.0.12-7.fc6.i386.rpm
385b9eac86bcd357ea38778ee0c09bdfc014dd75 i386/firefox-devel-1.5.0.12-7.fc6.i386.rpm
cf7741bea37d5b1dda2d85c66a868dc29e4ac5e3 i386/debug/firefox-debuginfo-1.5.0.12-7.fc6.i386.rpm

ChangeLog

2007-12-04 : Initial release

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	IBM WebSphere Application Server Security Exposure Vulnerabilities
	IBM AIX DNS Transaction ID Remote Cache Poisoning Vulnerability
	IBM Tivoli Directory Server Entry Handling Double-Free Vulnerability
	IBM AFP Viewer Plug-In "SRC" Property Buffer Overflow Vulnerability
	IBM Hardware Management Console Cross Site Scripting Vulnerabilities
	IBM OS/400 BrSmRcvAndCheck Local Buffer Overflow Vulnerability
	IBM DB2 Multiple Buffer Overflow and Security Bypass Vulnerabilities

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Xcode Code Execution and Information Disclosure Vulnerabilities
	Apple TV Data Processing Remote Code Execution Vulnerabilities
	Apple Mac OS X Command Execution and Security Bypass Issues
	Apple Safari for Mac OS X Remote Code Execution Vulnerability
	Apple Mac OS X ARDAgent Local Privilege Escalation Vulnerability
	Apple Safari Code Execution and Information Disclosure Vulnerabilities

	Mozilla Firefox for Mac OS X GIF Rendering Code Execution Vulnerability
	Mozilla Products Remote Code Execution and Security Bypass Issues
	Mozilla Products Code Execution and Injection Vulnerabilities
	Mozilla JavaScript Garbage Collector Code Execution Vulnerability
	Mozilla Thunderbird Code Execution and Cross Site Scripting Issues
	Mozilla Firefox and SeaMonkey Multiple Remote Code Execution Issues
	Mozilla Thunderbird Multiple Security Bypass and Code Execution Issues