Red Hat Bugzilla – Bug 521692
CVE-2009-3076 Firefox 3.0.14 Insufficient warning for PKCS11 module installation and removal
Last modified: 2010-04-08 16:14:11 EDT
Security researcher Dan Kaminsky reported that when security modules were added or removed via pkcs11.addmodule or pkcs11.deletemodule, the resulting dialog was not sufficiently informative. Without sufficient warning, an attacker could entice a victim to install a malicious PKCS11 module and affect the cryptographic integrity of the victim's browser. Firefox 3.5 releases are not affected.
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Red Hat Enterprise Linux 5 Via RHSA-2009:1430 https://rhn.redhat.com/errata/RHSA-2009-1430.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2009:1431 https://rhn.redhat.com/errata/RHSA-2009-1431.html
This issue has been addressed in following products: Red Hat Enterprise Linux 3 Via RHSA-2009:1432 https://rhn.redhat.com/errata/RHSA-2009-1432.html
epiphany-extensions-2.24.3-5.fc10, epiphany-2.24.3-10.fc10, Miro-2.0.5-4.fc10, ruby-gnome2-0.19.1-2.fc10, blam-1.8.5-14.fc10, evolution-rss-0.1.4-3.fc10, gecko-sharp2-0.13-12.fc10, gnome-web-photo-0.3-22.fc10, gnome-python2-extras-2.19.1-34.fc10, kazehakase-0.5.6-4.fc10.6, mozvoikko-0.9.5-14.fc10, google-gadgets-0.10.5-10.fc10, pcmanx-gtk2-0.3.8-13.fc10, mugshot-1.2.2-13.fc10, yelp-2.24.0-13.fc10, perl-Gtk2-MozEmbed-0.08-6.fc10.5, firefox-3.0.14-1.fc10, xulrunner-1.9.0.14-1.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0153 https://rhn.redhat.com/errata/RHSA-2010-0153.html
This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2010:0154 https://rhn.redhat.com/errata/RHSA-2010-0154.html