firefox-3.0.16-1.1AXS3
エラータID: AXSA:2009-445:05
Release date:
Monday, December 21, 2009 - 14:40
Subject:
firefox-3.0.16-1.1AXS3
Affected Channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
Security bugs fixed with this release:
CVE-2009-3979
CVE-2009-3981
CVE-2009-3983
CVE-2009-3984
CVE-2009-3985
CVE-2009-3986
No description available at the time of writing, please see CVE links below.
Solution:
Update packages
CVEs:
CVE-2009-3979
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3981
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Unspecified vulnerability in the browser engine in Mozilla Firefox before 3.0.16, SeaMonkey before 2.0.1, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2009-3983
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user.
CVE-2009-3984
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to spoof an SSL indicator for an http URL or a file URL by setting document.location to an https URL corresponding to a site that responds with a No Content (aka 204) status code and an empty body.
CVE-2009-3985
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to associate spoofed content with an invalid URL by setting document.location to this URL, and then writing arbitrary web script or HTML to the associated blank document, a related issue to CVE-2009-2654.
CVE-2009-3986
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to execute arbitrary JavaScript with chrome privileges by leveraging a reference to a chrome window from a content window, related to the window.opener property.
Additional Info:
N/A
Download:
SRPMS
- firefox-3.0.16-1.1AXS3.src.rpm
MD5: da72f37527dc18eaebd7c76ace2a24dd
SHA-256: b8dafed1264a807410a1d0222f337542641065a42655bedfd29f070c8e5c033f
Size: 42.98 MB - xulrunner-1.9.0.16-2.1AXS3.src.rpm
MD5: 02d07041775df66612dbb63daf9072ea
SHA-256: 54509ae069102ba85b98ecd7a2e67e3d510a3eb20c7894f9b7db08b334b2580a
Size: 35.53 MB
Asianux Server 3 for x86
- firefox-3.0.16-1.1AXS3.i386.rpm
MD5: 528ba7dfc87d59f0cf288139197ed962
SHA-256: bcc38cfc4dbe854c03b2239c83f098a3d6056dc2b234dff905992037df122148
Size: 12.06 MB - xulrunner-1.9.0.16-2.1AXS3.i386.rpm
MD5: 80c189c60cddc8e29fabcc73696209f9
SHA-256: d842bacf28c29e6a08bd840f0ba06853b9f57c62c459fc9a888e75da81cb772a
Size: 10.00 MB
Asianux Server 3 for x86_64
- firefox-3.0.16-1.1AXS3.x86_64.rpm
MD5: ba84744fe88bbf71f4ded7074123c1df
SHA-256: 7c38887faa5ea58751f84d525bd8c84dea0571c594905f3a480c72ae4a105324
Size: 12.06 MB - xulrunner-1.9.0.16-2.1AXS3.x86_64.rpm
MD5: 201789926a308a3a67d5ec3b7e97e178
SHA-256: 1ade98de9e8432a47733f34fa481365c6e776d07a625d6e6e20a98f5ad571ac5
Size: 10.42 MB
日本語