firefox-3.6.14-4.0.1.AXS4, xulrunner-1.9.2.14-3.0.1.AXS4

Errata ID: AXSA:2011-93:01

Release date: 
2011/03/11 Friday - 16:13
Title: 
firefox-3.6.14-4.0.1.AXS4, xulrunner-1.9.2.14-3.0.1.AXS4
Affected channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.
XULRunner provides the XUL Runtime environment for Gecko applications.
Security issues fixed with this release:
CVE-2010-1585
The nsIScriptableUnescapeHTML.parseFragment method in Mozilla Firefox does not properly sanitize HTML, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.
CVE-2011-0051
Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, does not properly handle certain recursive eval calls, which makes it easier for remote attackers to force a user to respond positively to a dialog question, as demonstrated by a question about granting privileges.
CVE-2011-0053
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2011-0054
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an upvarMap issue.
CVE-2011-0055
Use-after-free vulnerability in the JSON.stringify method in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-0056
Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving exception timing and a large number of string values, aka an atom map issue.
CVE-2011-0057
Use-after-free vulnerability in the Web Workers implementation in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to execute arbitrary code via vectors related to a JavaScript Worker and garbage collection.
CVE-2011-0058
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.
CVE-2011-0059
Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, allows remote attackers to hijack the authentication of arbitrary users for requests that were initiated by a plugin and received a 307 redirect to a page on a different web site.
CVE-2011-0061
Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JPEG image.
CVE-2011-0062
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.14 and Thunderbird 3.1.x before 3.1.8 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Solution: 

Update packages.

Additional information: 

N/A

Downloads: 

SRPMS
  1. firefox-3.6.14-4.0.1.AXS4.src.rpm
    MD5: 718356c372cf3ee7d6188a5a83f2540d
    SHA-256: 3ccbf3c1c7d859e7df004e34f79e234d8cf011fdfa9d37ba63f25c8b37e55f83
    Size: 57.98 MB
  2. xulrunner-1.9.2.14-3.0.1.AXS4.src.rpm
    MD5: aa571f3eed07cd32d39eb8cde5bf41c7
    SHA-256: ceee95e92b3ec3c27b22052ca4bc44d4a8a6fe7657543b1d606a486ee3f7f0ad
    Size: 48.85 MB

Asianux Server 4 for x86
  1. firefox-3.6.14-4.0.1.AXS4.i686.rpm
    MD5: 5f6b7944bf7e74a72af5cdb6ffd973ed
    SHA-256: e8ce00f8c2b5855b75df60c89391f759815afc4a580f2245651e7983f67c5588
    Size: 14.05 MB
  2. xulrunner-1.9.2.14-3.0.1.AXS4.i686.rpm
    MD5: ce7c1fef85f31b4e1ceccefc4d38c2ed
    SHA-256: ef0e52a01fa2cccec0d041d532cd06bbc9c7e196335f6be511c7f7d8bc4c2350
    Size: 9.17 MB

Asianux Server 4 for x86_64
  1. firefox-3.6.14-4.0.1.AXS4.x86_64.rpm
    MD5: 63f2a4d5fef9767e7f28c553ed684803
    SHA-256: 25b68f4924004b756f4021251564693cdee3c5b29b4d03e98e65d8ea68019300
    Size: 14.04 MB
  2. xulrunner-1.9.2.14-3.0.1.AXS4.x86_64.rpm
    MD5: f7da317ea7644b9bc809645c7a74cda2
    SHA-256: fdcd6819617088cd465e99f148e5a7d4b9fe62ba15675a49a2f68455829198b8
    Size: 8.92 MB
  3. xulrunner-1.9.2.14-3.0.1.AXS4.i686.rpm
    MD5: ce7c1fef85f31b4e1ceccefc4d38c2ed
    SHA-256: ef0e52a01fa2cccec0d041d532cd06bbc9c7e196335f6be511c7f7d8bc4c2350
    Size: 9.17 MB