Bug 616648 - Please update firefox to 3.6.7 Major Security Update
Summary: Please update firefox to 3.6.7 Major Security Update
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: firefox
Version: 13
Hardware: All
OS: Linux
low
urgent
Target Milestone: ---
Assignee: Gecko Maintainer
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2010-07-21 03:48 UTC by David
Modified: 2010-10-09 23:22 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-10-09 23:22:16 UTC
Type: ---
Embargoed:


Description David 2010-07-21 03:48:51 UTC
Description of problem:

Please update firefox to 3.6.7 Major Security Update

Security Advisories for Firefox 3.6

Impact key:

    * Critical: Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing.
    * High: Vulnerability can be used to gather sensitive data from sites in other windows or inject data or code into those sites, requiring no more than normal browsing actions.
    * Moderate: Vulnerabilities that would otherwise be High or Critical except they only work in uncommon non-default configurations or require the user to perform complicated and/or unlikely steps.
    * Low: Minor security vulnerabilities such as Denial of Service attacks, minor data leaks, or spoofs. (Undetectable spoofs of SSL indicia would have "High" impact because those are generally used to steal sensitive data intended for other sites.) 

Fixed in Firefox 3.6.7
MFSA 2010-47 Cross-origin data leakage from script filename in error messages
MFSA 2010-46 Cross-domain data theft using CSS
MFSA 2010-45 Multiple location bar spoofing vulnerabilities
MFSA 2010-44 Characters mapped to U+FFFD in 8 bit encodings cause subsequent character to vanish
MFSA 2010-43 Same-origin bypass using canvas context
MFSA 2010-42 Cross-origin data disclosure via Web Workers and importScripts
MFSA 2010-41 Remote code execution using malformed PNG image
MFSA 2010-40 nsTreeSelection dangling pointer remote code execution vulnerability
MFSA 2010-39 nsCSSValue::Array index integer overflow
MFSA 2010-38 Arbitrary code execution using SJOW and fast native function
MFSA 2010-37 Plugin parameter EnsureCachedAttrParamArrays remote code execution vulnerability
MFSA 2010-36 Use-after-free error in NodeIterator
MFSA 2010-35 DOM attribute cloning remote code execution vulnerability
MFSA 2010-34 Miscellaneous memory safety hazards (rv:1.9.2.7/ 1.9.1.11)


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

