firefox-3.6.26-1.0.1.AXS4, xulrunner-1.9.2.26-1.0.1.AXS4

エラータID: AXSA:2012-194:02

Release date: 
Monday, February 20, 2012 - 12:08
Subject: 
firefox-3.6.26-1.0.1.AXS4, xulrunner-1.9.2.26-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
Security issues fixed with this release:
CVE-2011-3659
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
CVE-2011-3670
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
CVE-2012-0442
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0444
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
CVE-2012-0449
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.

Solution: 

Update packages.

CVEs: 
CVE-2011-3659
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
CVE-2011-3670
Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before 3.1.18 and 5.0 through 6.0, and SeaMonkey before 2.4 do not properly enforce the IPv6 literal address syntax, which allows remote attackers to obtain sensitive information by making XMLHttpRequest calls through a proxy and reading the error messages.
CVE-2012-0442
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2012-0444
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
CVE-2012-0449
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-3.6.26-1.0.1.AXS4.src.rpm
    MD5: e6d2295a87aee9fc83ab7f29405cd1d3
    SHA-256: 9ca4e2ba80a04372ec2547cef3d079fe82380a0d874c6cde261cf638a923643c
    Size: 58.31 MB
  2. xulrunner-1.9.2.26-1.0.1.AXS4.src.rpm
    MD5: 22a15a2845c444e468c32a9c88682c5c
    SHA-256: dfc344b30cefb83fa7d166d9bce84a26dcad82d2fdb46c29afa0585432e73cb9
    Size: 49.06 MB

Asianux Server 4 for x86
  1. firefox-3.6.26-1.0.1.AXS4.i686.rpm
    MD5: c7a25ded81b0d3bd2fcb6538760d8e3f
    SHA-256: 62dbac87e6a32268cd19d3b75404481d503a3dcfae2cc4ee3b25d0b1fb1f3485
    Size: 14.22 MB
  2. xulrunner-1.9.2.26-1.0.1.AXS4.i686.rpm
    MD5: 3a0e7f6484ab96e6a2e5f88babb56438
    SHA-256: 0e763a1bfa61c91407f6b5c3b2b5f4927822d362d87af4e144a68e87e0cd01f2
    Size: 9.42 MB

Asianux Server 4 for x86_64
  1. firefox-3.6.26-1.0.1.AXS4.x86_64.rpm
    MD5: 4c8cfa0f20189c680ae4376286aa2ad0
    SHA-256: 68c32b0427a4b14dcb137ee1e08bcaaae01d6728de5a751f861e15ea1a2f7d42
    Size: 14.21 MB
  2. firefox-3.6.26-1.0.1.AXS4.i686.rpm
    MD5: c7a25ded81b0d3bd2fcb6538760d8e3f
    SHA-256: 62dbac87e6a32268cd19d3b75404481d503a3dcfae2cc4ee3b25d0b1fb1f3485
    Size: 14.22 MB
  3. xulrunner-1.9.2.26-1.0.1.AXS4.x86_64.rpm
    MD5: 7c0a4205008d33f3d9bc3309eb9cf0aa
    SHA-256: 8b1672f09bf402ad5706a03745deaa1730efd056e0cd587d6c02190ffbe0db07
    Size: 9.12 MB
  4. xulrunner-1.9.2.26-1.0.1.AXS4.i686.rpm
    MD5: 3a0e7f6484ab96e6a2e5f88babb56438
    SHA-256: 0e763a1bfa61c91407f6b5c3b2b5f4927822d362d87af4e144a68e87e0cd01f2
    Size: 9.42 MB