__________________________________________________________

                       The U.S. Department of Energy
                   Computer Incident Advisory Capability
__________________________________________________________

                             INFORMATION BULLETIN

                      Mozilla Products Security Update
                         [Red Hat RHSA-2007:0724-4]

July 19, 2007 18:00 GMT                                          Number R-309
[REVISED 27 Jul 2007]
[REVISED 24 Oct 2007]
______________________________________________________________________________
PROBLEM:       There are several vulnerabilities in Mozilla Products.

PLATFORM:      RHEL Desktop Workstation (v. 5 client)
               Red Hat Desktop (v. 3, v. 4)
               Red Hat Enterprise Linux (v. 5 server)
               Red Hat Enterprise Linux AS, ES, WS (v. 2.1, v. 3, and v. 4)
               Red Hat Enterprise Linux Desktop (v. 5 client)
               Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
               Debian GNU/Linux 4.0 (etch)

DAMAGE:        Could crash or potentially execute arbitrary code as the user
               running the application.

SOLUTION:      Upgrade to the appropriate version.
______________________________________________________________________________
VULNERABILITY  The risk is MEDIUM. Could crash or potentially execute
ASSESSMENT:    arbitrary code as the user running the application.
______________________________________________________________________________
LINKS:
 CIAC BULLETIN:      http://www.ciac.org/ciac/bulletins/r-309.shtml
 ORIGINAL BULLETIN:  https://rhn.redhat.com/errata/RHSA-2007-0724.html
 ADDITIONAL LINKS:   https://rhn.redhat.com/errata/RHSA-2007-0723.html
                     https://rhn.redhat.com/errata/RHSA-2007-0722.html
                     http://www.debian.org/security/2007/dsa-1338
                     http://www.debian.org/security/2007/dsa-1337
                     http://www.debian.org/security/2007/dsa-1391
 CVE:                http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=
                     CVE-2007-3089, CVE-2007-3656, CVE-2007-3734,
                     CVE-2007-3735, CVE-2007-3736, CVE-2007-3737,
                     CVE-2007-3738
______________________________________________________________________________
REVISION HISTORY:
 07/27/2007 - revised R-309 to add a link to Debian Security Advisory
              DSA-1337-1 and DSA-1338-1 for Debian GNU/Linux 4.0 (etch).
 10/24/2007 - revised R-309 to add a link to Debian Security Advisory
              DSA-1391-1 for Debian GNU/Linux 4.0 (etch).

[***** Start Red Hat RHSA-2007:0724-4 *****]

Critical: firefox security update

Advisory:           RHSA-2007:0724-4
Type:               Security Advisory
Severity:           Critical
Issued on:          2007-07-18
Last updated on:    2007-07-18
Affected Products:  RHEL Desktop Workstation (v. 5 client)
                    Red Hat Desktop (v. 4)
                    Red Hat Enterprise Linux (v. 5 server)
                    Red Hat Enterprise Linux AS (v. 4)
                    Red Hat Enterprise Linux Desktop (v. 5 client)
                    Red Hat Enterprise Linux ES (v. 4)
                    Red Hat Enterprise Linux WS (v. 4)
OVAL:               com.redhat.rhsa-20070724.xml
CVEs (cve.mitre.org):
                    CVE-2007-3089
                    CVE-2007-3656
                    CVE-2007-3734
                    CVE-2007-3735
                    CVE-2007-3736
                    CVE-2007-3737
                    CVE-2007-3738

Details

Updated firefox packages that fix several security bugs are now available for
Red Hat Enterprise Linux 4 and 5.

This update has been rated as having critical security impact by the Red Hat
Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed
JavaScript code.
A web page containing malicious JavaScript code could cause Firefox to crash
or potentially execute arbitrary code as the user running Firefox.
(CVE-2007-3734, CVE-2007-3735, CVE-2007-3737, CVE-2007-3738)

Several content injection flaws were found in the way Firefox handled certain
JavaScript code. A web page containing malicious JavaScript code could inject
arbitrary content into other web pages. (CVE-2007-3736, CVE-2007-3089)

A flaw was found in the way Firefox cached web pages on the local disk. A
malicious web page may be able to inject arbitrary HTML into a browsing
session if the user reloads a targeted site. (CVE-2007-3656)

Users of Firefox are advised to upgrade to these erratum packages, which
contain backported patches that correct these issues.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red
Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)
--------------------------------------------------------------------------------
IA-32:   firefox-devel-1.5.0.12-3.el5.i386.rpm
x86_64:  firefox-devel-1.5.0.12-3.el5.i386.rpm
         firefox-devel-1.5.0.12-3.el5.x86_64.rpm

Red Hat Desktop (v. 4)
--------------------------------------------------------------------------------
SRPMS:   firefox-1.5.0.12-0.3.el4.src.rpm
IA-32:   firefox-1.5.0.12-0.3.el4.i386.rpm
x86_64:  firefox-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux (v. 5 server)
--------------------------------------------------------------------------------
SRPMS:   firefox-1.5.0.12-3.el5.src.rpm
IA-32:   firefox-1.5.0.12-3.el5.i386.rpm
         firefox-devel-1.5.0.12-3.el5.i386.rpm
IA-64:   firefox-1.5.0.12-3.el5.ia64.rpm
         firefox-devel-1.5.0.12-3.el5.ia64.rpm
PPC:     firefox-1.5.0.12-3.el5.ppc.rpm
         firefox-devel-1.5.0.12-3.el5.ppc.rpm
s390x:   firefox-1.5.0.12-3.el5.s390.rpm
         firefox-1.5.0.12-3.el5.s390x.rpm
         firefox-devel-1.5.0.12-3.el5.s390.rpm
         firefox-devel-1.5.0.12-3.el5.s390x.rpm
x86_64:  firefox-1.5.0.12-3.el5.i386.rpm
         firefox-1.5.0.12-3.el5.x86_64.rpm
         firefox-devel-1.5.0.12-3.el5.i386.rpm
         firefox-devel-1.5.0.12-3.el5.x86_64.rpm

Red Hat Enterprise Linux AS (v. 4)
--------------------------------------------------------------------------------
SRPMS:   firefox-1.5.0.12-0.3.el4.src.rpm
IA-32:   firefox-1.5.0.12-0.3.el4.i386.rpm
IA-64:   firefox-1.5.0.12-0.3.el4.ia64.rpm
PPC:     firefox-1.5.0.12-0.3.el4.ppc.rpm
s390:    firefox-1.5.0.12-0.3.el4.s390.rpm
s390x:   firefox-1.5.0.12-0.3.el4.s390x.rpm
x86_64:  firefox-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux Desktop (v. 5 client)
--------------------------------------------------------------------------------
SRPMS:   firefox-1.5.0.12-3.el5.src.rpm
IA-32:   firefox-1.5.0.12-3.el5.i386.rpm
x86_64:  firefox-1.5.0.12-3.el5.i386.rpm
         firefox-1.5.0.12-3.el5.x86_64.rpm

Red Hat Enterprise Linux ES (v. 4)
--------------------------------------------------------------------------------
SRPMS:   firefox-1.5.0.12-0.3.el4.src.rpm
IA-32:   firefox-1.5.0.12-0.3.el4.i386.rpm
IA-64:   firefox-1.5.0.12-0.3.el4.ia64.rpm
x86_64:  firefox-1.5.0.12-0.3.el4.x86_64.rpm

Red Hat Enterprise Linux WS (v. 4)
--------------------------------------------------------------------------------
SRPMS:   firefox-1.5.0.12-0.3.el4.src.rpm
IA-32:   firefox-1.5.0.12-0.3.el4.i386.rpm
IA-64:   firefox-1.5.0.12-0.3.el4.ia64.rpm
x86_64:  firefox-1.5.0.12-0.3.el4.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

248518 - CVE-2007-3089 various flaws in mozilla products (CVE-2007-3734
         CVE-2007-3735 CVE-2007-3736 CVE-2007-3737 CVE-2007-3656 CVE-2007-3738)

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3738
http://www.redhat.com/security/updates/classification/#critical
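As an added example (not part of the CIAC bulletin or the Red Hat advisory), the following Python checks whether an installed firefox package is at or above the erratum's fixed version-release for its RHEL release, using RPM's segment-wise version comparison in simplified form (no epoch, tilde or caret handling); the installed NVRs are constructed sample input, not output from a real host.

```python
import re

# Fixed package NVRs named in RHSA-2007:0724; the dist tag selects which applies.
FIXED = {"el4": "firefox-1.5.0.12-0.3.el4", "el5": "firefox-1.5.0.12-3.el5"}

# Constructed sample output of `rpm -q firefox` from three hypothetical hosts.
SAMPLE_INSTALLED = [
    "firefox-1.5.0.10-2.el5",    # older release: still affected
    "firefox-1.5.0.12-3.el5",    # erratum package for RHEL 5: fixed
    "firefox-1.5.0.12-0.3.el4",  # erratum package for RHEL 4: fixed
]

def rpmvercmp(a, b):
    """Compare two version (or release) strings the way rpm does: split into
    runs of digits and letters, compare digit runs numerically and letter runs
    lexically, and rank a digit segment above a letter segment. Returns -1/0/1."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):
                return (int(x) > int(y)) - (int(x) < int(y))
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        elif x != y:
            return (x > y) - (x < y)
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(nvr):
    """Split 'name-version-release' (no arch suffix, no epoch) into its parts."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_fixed(installed):
    """True if the installed firefox NVR is at or above the erratum package for
    the same RHEL release, identified by the .el4 / .el5 dist tag."""
    name, ver, rel = split_nvr(installed)
    dist = rel.rsplit(".", 1)[-1]
    if name != "firefox" or dist not in FIXED:
        raise ValueError(f"no fixed version known for {installed}")
    _, fver, frel = split_nvr(FIXED[dist])
    c = rpmvercmp(ver, fver)
    if c == 0:
        c = rpmvercmp(rel, frel)  # same version: the release decides
    return c >= 0

if __name__ == "__main__":
    for nvr in SAMPLE_INSTALLED:
        print(nvr, "fixed" if is_fixed(nvr) else "AFFECTED, apply RHSA-2007:0724")
```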
--------------------------------------------------------------------------------
These packages are GPG signed by Red Hat for security. Our key and details on
how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at
http://www.redhat.com/security/team/contact/

[***** End Red Hat RHSA-2007:0724-4 *****]
_______________________________________________________________________________

CIAC wishes to acknowledge the contributions of Red Hat for the information
contained in this bulletin.
_______________________________________________________________________________

CIAC, the Computer Incident Advisory Capability, is the computer security
incident response team for the U.S. Department of Energy (DOE) and the
emergency backup response team for the National Institutes of Health (NIH).
CIAC is located at the Lawrence Livermore National Laboratory in Livermore,
California. CIAC is also a founding member of FIRST, the Forum of Incident
Response and Security Teams, a global organization established to foster
cooperation and coordination among computer security teams worldwide.

CIAC services are available to DOE, DOE contractors, and the NIH. CIAC can be
contacted at:
    Voice:    +1 925-422-8193 (7x24)
    FAX:      +1 925-423-8002
    STU-III:  +1 925-423-2604
    E-mail:   ciac@ciac.org

Previous CIAC notices, anti-virus software, and other information are
available from the CIAC Computer Security Archive.

    World Wide Web:  http://www.ciac.org/
    Anonymous FTP:   ftp.ciac.org

PLEASE NOTE: Many users outside of the DOE, ESnet, and NIH computing
communities receive CIAC bulletins. If you are not part of these
communities, please contact your agency's response team to report incidents.
Your agency's team will coordinate with CIAC. The Forum of Incident Response
and Security Teams (FIRST) is a world-wide organization.
A list of FIRST member organizations and their constituencies can be obtained
via WWW at http://www.first.org/.

This document was prepared as an account of work sponsored by an agency of the
United States Government. Neither the United States Government nor the
University of California nor any of their employees, makes any warranty,
express or implied, or assumes any legal liability or responsibility for the
accuracy, completeness, or usefulness of any information, apparatus, product,
or process disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products, process,
or service by trade name, trademark, manufacturer, or otherwise, does not
necessarily constitute or imply its endorsement, recommendation or favoring by
the United States Government or the University of California. The views and
opinions of authors expressed herein do not necessarily state or reflect those
of the United States Government or the University of California, and shall not
be used for advertising or product endorsement purposes.

LAST 10 CIAC BULLETINS ISSUED (Previous bulletins available from CIAC)

R-299: Vulnerability in Microsoft Office Publisher 2007 (936548)
R-300: Flash Player Vulnerability
R-301: Security Vulnerability in the rcp(1) Command
R-302: Security Vulnerability in Java Web Start URL Parsing Code
R-303: VideoLan Vulnerability
R-304: Java Runtime Environment Vulnerability
R-305: Tomcat Security Update
R-306: Trillian Instant Messenger Client Vulnerability
R-307: Apple QuickTime 7.2
R-308: Oracle Critical Patch Update - July 2007