Common Vulnerabilities and Exposures assigned an identifier CVE-2009-3274 to the following vulnerability:

Mozilla Firefox 3.6a1, 3.5.2, and earlier 2.x and 3.x versions on Linux uses a predictable /tmp pathname for files selected from the Downloads window, which allows local users to replace an arbitrary downloaded file by placing a file in a /tmp location before the download occurs, possibly related to the Archive Manager component. NOTE: some of these details are obtained from third party information.

References:
-----------
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3274
http://jbrownsec.blogspot.com/2009/09/vamos-updates.html
http://securitytube.net/Zero-Day-Demos-(Firefox-Vulnerability-Discovered)-video.aspx
http://secunia.com/advisories/36649
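An added illustration of the weakness class named in the CVE description above (a fixed pathname in a shared directory), set beside two hardened ways of creating the file. This is not Firefox code and not part of the bug report; the function names, the `report.pdf` file name and the `dl-demo` scratch directory are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L  /* mkstemp, mkdtemp, O_NOFOLLOW */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Weak pattern: fixed name in a shared directory. Whatever already sits at
 * that path (file or symlink created by another local user) is reused. */
int open_predictable(const char *dir, const char *name) {
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return open(path, O_WRONLY | O_CREAT, 0600);
}

/* Exclusive create: EEXIST if anything is at the path; symlinks not followed. */
int open_exclusive(const char *dir, const char *name) {
    char path[4096];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Preferred: mkstemp() picks a random suffix and creates the file
 * exclusively with mode 0600; the chosen path is written to out. */
int open_unpredictable(const char *dir, const char *name, char *out, size_t n) {
    if ((size_t)snprintf(out, n, "%s/%s.XXXXXX", dir, name) >= n) return -1;
    return mkstemp(out);
}

/* Constructed scenario in a private scratch directory with a file already at the
 * fixed name. Bits: 1 = weak open reused it, 2 = exclusive refused, 4 = fresh path. */
int demo(void) {
    char dir[] = "/tmp/dl-demo.XXXXXX", existing[4096], fresh[4096];
    int r = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(existing, sizeof existing, "%s/report.pdf", dir);
    if ((fd = open(existing, O_WRONLY | O_CREAT | O_EXCL, 0644)) < 0) return -1;
    close(fd);
    if ((fd = open_predictable(dir, "report.pdf")) >= 0) { r |= 1; close(fd); }
    if (open_exclusive(dir, "report.pdf") < 0 && errno == EEXIST) r |= 2;
    if ((fd = open_unpredictable(dir, "report.pdf", fresh, sizeof fresh)) >= 0) {
        if (strcmp(fresh, existing) != 0) r |= 4;
        close(fd); unlink(fresh);
    }
    unlink(existing); rmdir(dir);
    return r;
}
int main(void) { printf("result bits: %d\n", demo()); return 0; }
```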
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2009:1530 https://rhn.redhat.com/errata/RHSA-2009-1530.html
This issue has been addressed in following products:

  Red Hat Enterprise Linux 3
  Red Hat Enterprise Linux 4

Via RHSA-2009:1531 https://rhn.redhat.com/errata/RHSA-2009-1531.html
blam-1.8.5-15.fc11, chmsee-1.0.1-12.fc11, epiphany-2.26.3-5.fc11, epiphany-extensions-2.26.1-7.fc11, evolution-rss-0.1.4-5.fc11, firefox-3.5.4-1.fc11, galeon-2.0.7-17.fc11, gnome-python2-extras-2.25.3-8.fc11, gnome-web-photo-0.7-7.fc11, google-gadgets-0.11.1-2.fc11, hulahop-0.4.9-9.fc11, kazehakase-0.5.8-2.fc11.1, Miro-2.5.2-5.fc11, monodevelop-2.0-6.fc11, mozvoikko-0.9.7-0.8.rc1.fc11, pcmanx-gtk2-0.3.8-9.fc11, ruby-gnome2-0.19.3-3.fc11, seahorse-plugins-2.26.2-7.fc11, xulrunner-1.9.1.4-1.fc11, yelp-2.26.0-8.fc11, eclipse-3.4.2-17.fc11, perl-Gtk2-MozEmbed-0.08-6.fc11.6 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
blam-1.8.5-15.fc10, epiphany-2.24.3-11.fc10, epiphany-extensions-2.24.3-6.fc10, evolution-rss-0.1.4-5.fc10, firefox-3.0.15-1.fc10, galeon-2.0.7-15.fc10, gecko-sharp2-0.13-13.fc10, gnome-python2-extras-2.19.1-35.fc10, gnome-web-photo-0.3-23.fc10, google-gadgets-0.10.5-11.fc10, kazehakase-0.5.6-4.fc10.7, Miro-2.0.5-5.fc10, mozvoikko-0.9.5-15.fc10, mugshot-1.2.2-14.fc10, pcmanx-gtk2-0.3.8-14.fc10, perl-Gtk2-MozEmbed-0.08-6.fc10.6, ruby-gnome2-0.19.3-3.fc10, xulrunner-1.9.0.15-1.fc10, yelp-2.24.0-14.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0153 https://rhn.redhat.com/errata/RHSA-2010-0153.html
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2010:0154 https://rhn.redhat.com/errata/RHSA-2010-0154.html