From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Critical: firefox on SL5.x, SL6.x i386/x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Wednesday 20th February 2013 19:16:36 UTC
Synopsis:          Critical: firefox security update
Issue Date:        2013-02-19
CVE Numbers:       CVE-2013-0783
                    CVE-2013-0775
                    CVE-2013-0776
                    CVE-2013-0780
                    CVE-2013-0782
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2013-0775, CVE-2013-0780, CVE-2013-0782, CVE-2013-0783)

It was found that, after canceling a proxy server's authentication prompt,
the address bar continued to show the requested site's address. An attacker
could use this flaw to conduct phishing attacks by tricking a user into
believing they are viewing a trusted site. (CVE-2013-0776)

Note that due to a Kerberos credentials change, the following configuration
steps may be required when using Firefox 17.0.3 ESR with the Enterprise
Identity Management (IPA) web interface:

Important: Firefox 17 is not completely backwards-compatible with all
Mozilla add-ons and Firefox plug-ins that worked with Firefox 10.0. Firefox
17 checks compatibility on first launch and, depending on the individual
configuration and the installed add-ons and plug-ins, may disable those
add-ons and plug-ins, or attempt to check for updates and upgrade them.
Add-ons and plug-ins may have to be manually updated.

After installing the update, Firefox must be restarted for the changes to
take effect.
--

SL5
   x86_64
     devhelp-0.12-23.el5_9.i386.rpm
     devhelp-0.12-23.el5_9.x86_64.rpm
     devhelp-debuginfo-0.12-23.el5_9.i386.rpm
     devhelp-debuginfo-0.12-23.el5_9.x86_64.rpm
     firefox-17.0.3-1.el5_9.i386.rpm
     firefox-17.0.3-1.el5_9.x86_64.rpm
     firefox-debuginfo-17.0.3-1.el5_9.i386.rpm
     firefox-debuginfo-17.0.3-1.el5_9.x86_64.rpm
     xulrunner-17.0.3-1.el5_9.i386.rpm
     xulrunner-17.0.3-1.el5_9.x86_64.rpm
     xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
     xulrunner-debuginfo-17.0.3-1.el5_9.x86_64.rpm
     yelp-2.16.0-30.el5_9.x86_64.rpm
     yelp-debuginfo-2.16.0-30.el5_9.x86_64.rpm
     devhelp-devel-0.12-23.el5_9.i386.rpm
     devhelp-devel-0.12-23.el5_9.x86_64.rpm
     xulrunner-devel-17.0.3-1.el5_9.i386.rpm
     xulrunner-devel-17.0.3-1.el5_9.x86_64.rpm
   i386
     devhelp-0.12-23.el5_9.i386.rpm
     devhelp-debuginfo-0.12-23.el5_9.i386.rpm
     firefox-17.0.3-1.el5_9.i386.rpm
     firefox-debuginfo-17.0.3-1.el5_9.i386.rpm
     xulrunner-17.0.3-1.el5_9.i386.rpm
     xulrunner-debuginfo-17.0.3-1.el5_9.i386.rpm
     yelp-2.16.0-30.el5_9.i386.rpm
     yelp-debuginfo-2.16.0-30.el5_9.i386.rpm
     devhelp-devel-0.12-23.el5_9.i386.rpm
     xulrunner-devel-17.0.3-1.el5_9.i386.rpm
SL6
   x86_64
     firefox-17.0.3-1.el6_3.i686.rpm
     firefox-17.0.3-1.el6_3.x86_64.rpm
     firefox-debuginfo-17.0.3-1.el6_3.i686.rpm
     firefox-debuginfo-17.0.3-1.el6_3.x86_64.rpm
     libproxy-0.3.0-4.el6_3.i686.rpm
     libproxy-0.3.0-4.el6_3.x86_64.rpm
     libproxy-bin-0.3.0-4.el6_3.x86_64.rpm
     libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
     libproxy-debuginfo-0.3.0-4.el6_3.x86_64.rpm
     libproxy-python-0.3.0-4.el6_3.x86_64.rpm
     xulrunner-17.0.3-1.el6_3.i686.rpm
     xulrunner-17.0.3-1.el6_3.x86_64.rpm
     xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
     xulrunner-debuginfo-17.0.3-1.el6_3.x86_64.rpm
     yelp-2.28.1-17.el6_3.x86_64.rpm
     yelp-debuginfo-2.28.1-17.el6_3.x86_64.rpm
     libproxy-devel-0.3.0-4.el6_3.i686.rpm
     libproxy-devel-0.3.0-4.el6_3.x86_64.rpm
     libproxy-gnome-0.3.0-4.el6_3.x86_64.rpm
     libproxy-kde-0.3.0-4.el6_3.x86_64.rpm
     libproxy-mozjs-0.3.0-4.el6_3.x86_64.rpm
     libproxy-webkit-0.3.0-4.el6_3.x86_64.rpm
     xulrunner-devel-17.0.3-1.el6_3.i686.rpm
     xulrunner-devel-17.0.3-1.el6_3.x86_64.rpm
   i386
     firefox-17.0.3-1.el6_3.i686.rpm
     firefox-debuginfo-17.0.3-1.el6_3.i686.rpm
     libproxy-0.3.0-4.el6_3.i686.rpm
     libproxy-bin-0.3.0-4.el6_3.i686.rpm
     libproxy-debuginfo-0.3.0-4.el6_3.i686.rpm
     libproxy-python-0.3.0-4.el6_3.i686.rpm
     xulrunner-17.0.3-1.el6_3.i686.rpm
     xulrunner-debuginfo-17.0.3-1.el6_3.i686.rpm
     yelp-2.28.1-17.el6_3.i686.rpm
     yelp-debuginfo-2.28.1-17.el6_3.i686.rpm
     libproxy-devel-0.3.0-4.el6_3.i686.rpm
     libproxy-gnome-0.3.0-4.el6_3.i686.rpm
     libproxy-kde-0.3.0-4.el6_3.i686.rpm
     libproxy-mozjs-0.3.0-4.el6_3.i686.rpm
     libproxy-webkit-0.3.0-4.el6_3.i686.rpm
     xulrunner-devel-17.0.3-1.el6_3.i686.rpm

- Scientific Linux Development Team
 