Bug 770676 (CVE-2011-3658, CVE-2011-3660, CVE-2011-3661, CVE-2011-3663, CVE-2011-3664, CVE-2011-3665, CVE-2011-3666)

Summary: CVE-2011-3660 Mozilla: Multiple security flaws fixed in v3.6.25 (Mac) and v9
Product: [Other] Security Response Reporter: Huzaifa S. Sidhpurwala <huzaifas>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: bazanluis20, gecko-bugs-nobody
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-12-28 09:57:00 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 765820    

Description Huzaifa S. Sidhpurwala 2011-12-28 09:53:41 UTC 
Multiple flaws fixed during Mozilla update of December 20 2011:
===============================================================

* MFSA 2011-59 .jar not treated as executable in Firefox 3.6 on Mac
Affects Mac OS

* MFSA 2011-58 Crash scaling <video> to extreme sizes
Affects Firefox and Thunderbird 8, fixed in Firefox and Thunderbird 9

* MFSA 2011-57 Crash when plugin removes itself on Mac OS X
Affects Firefox and Thunderbird 8, fixed in Firefox and Thunderbird 9 on MAC OS

* MFSA 2011-56 Key detection without JavaScript via SVG animation
Affects Firefox and Thunderbird 8, fixed in Firefox and Thunderbird 9

* MFSA 2011-55 nsSVGValue out-of-bounds access
Affects Firefox and Thunderbird 8, fixed in Firefox and Thunderbird 9

* MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library
Affects Firefox and Thunderbird 8, fixed in Firefox and Thunderbird 9

* MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)
Affects Firefox and Thunderbird 8, fixed in Firefox and Thunderbird 9
Comment 1 Huzaifa S. Sidhpurwala 2011-12-28 09:57:00 UTC 
Statement:

This issue did not affect the version of firefox and thunderbird packages as shipped with Red Hat Enterprise Linux 4, 5 and 6. This issue did not affect the version of seamonkey package as shipped with Red Hat Enterprise Linux 4.
Comment 2 Tomas Hoger 2011-12-28 10:12:32 UTC 
References:

http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.25