firefox-3.0.14-1.1AXS3

エラータID: AXSA:2009-397:03

Release date: 
Monday, September 21, 2009 - 13:46
Subject: 
firefox-3.0.14-1.1AXS3
Affected Channels: 
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
Fixed bugs:
CVE-2009-2654
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers
to spoof the address bar, and possibly conduct phishing attacks, via a crafted
web page that calls window.open with an invalid character in the URL, makes
document.write calls to the resulting object, and then calls the stop method
during the loading of the error page.
CVE-2009-3070
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3071
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3072
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3074
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3075
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3076
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
CVE-2009-3077
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a dangling pointer vulnerability.
CVE-2009-3078
Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
CVE-2009-3079
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.

Solution: 

Update packages.

CVEs: 
CVE-2009-2654
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
CVE-2009-3070
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3071
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3072
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.3, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the BinHex decoder in netwerk/streamconv/converters/nsBinHexDecoder.cpp, and unknown vectors.
CVE-2009-3074
Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3075
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.
CVE-2009-3076
Mozilla Firefox before 3.0.14 does not properly implement certain dialogs associated with the (1) pkcs11.addmodule and (2) pkcs11.deletemodule operations, which makes it easier for remote attackers to trick a user into installing or removing an arbitrary PKCS11 module.
CVE-2009-3077
Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not properly manage pointers for the columns (aka TreeColumns) of a XUL tree element, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to a "dangling pointer vulnerability."
CVE-2009-3078
Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to trigger a vertical scroll and spoof URLs via unspecified Unicode characters with a tall line-height property.
CVE-2009-3079
Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, allows remote attackers to execute arbitrary JavaScript with chrome privileges via vectors involving an object, the FeedWriter, and the BrowserFeedWriter.


Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-3.0.14-1.1AXS3.src.rpm
    MD5: e9474ff01d6997ee36411c90a5f863db
    SHA-256: 37fdbd7cc4434b98908622141541080646257bfb1eabeab6a802c8c801e199bc
    Size: 42.96 MB
  2. xulrunner-1.9.0.14-1.1AXS3.src.rpm
    MD5: bce4f632f3c3b89cd329ba5437fab8ce
    SHA-256: c7e3b2156a8de74500b7dc6fd9bcaff45de79a6cfb0178795c63265ab34bd6e0
    Size: 35.51 MB

Asianux Server 3 for x86
  1. firefox-3.0.14-1.1AXS3.i386.rpm
    MD5: a42cc3e8e10032af18452241bfcd908d
    SHA-256: f8b2e0e64079116fd5db72b7c49f60081b005772386f7f49783e5cfc137c1c78
    Size: 12.06 MB
  2. xulrunner-1.9.0.14-1.1AXS3.i386.rpm
    MD5: f3e507e8b16145e980a8e6d68777c9ac
    SHA-256: 8b2db984bc1d98eb5bcdcc1b234c00f37c1aad4162f56ce10d8f864e9e590b7c
    Size: 10.00 MB

Asianux Server 3 for x86_64
  1. firefox-3.0.14-1.1AXS3.x86_64.rpm
    MD5: 037f86158f06521f616c13513ee5a372
    SHA-256: f4458c3d927a0a6a5b96138dae742a78c0e04b4187913d0ecae516793f0f0847
    Size: 12.06 MB
  2. xulrunner-1.9.0.14-1.1AXS3.x86_64.rpm
    MD5: 5fc8847668819e020722caf681a7b510
    SHA-256: 541b1fc280a5555fda9319386e09b1ad0da6428e0990c9c0983c65ded2f6c9fa
    Size: 10.41 MB