Updated firefox packages that fix several security bugs are now available for Red Hat Enterprise Linux 4.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the way Firefox processed certain malformed JavaScript code. A malicious web page could execute JavaScript code in such a way that may result in Firefox crashing or executing arbitrary code as the user running Firefox. (CVE-2007-0775, CVE-2007-0777)

Several cross-site scripting (XSS) flaws were found in the way Firefox processed certain malformed web pages. A malicious web page could display misleading information which may result in a user unknowingly divulging sensitive information such as a password. (CVE-2006-6077, CVE-2007-0995, CVE-2007-0996)

A flaw was found in the way Firefox cached web pages on the local disk. A malicious web page may be able to inject arbitrary HTML into a browsing session if the user reloads a targeted site. (CVE-2007-0778)

A flaw was found in the way Firefox displayed certain web content. A malicious web page could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are visiting a different site.
(CVE-2007-0779)

Two flaws were found in the way Firefox displayed blocked popup windows. If a user can be convinced to open a blocked popup, it is possible to read arbitrary local files, or conduct an XSS attack against the user. (CVE-2007-0780, CVE-2007-0800)

Two buffer overflow flaws were found in the Network Security Services (NSS) code for processing the SSLv2 protocol. Connecting to a malicious secure web server could cause the execution of arbitrary code as the user running Firefox. (CVE-2007-0008, CVE-2007-0009)

A flaw was found in the way Firefox handled the 'location.hostname' value during certain browser domain checks. This flaw could allow a malicious web site to set domain cookies for an arbitrary site, or possibly perform an XSS attack. (CVE-2007-0981)

Users of Firefox are advised to upgrade to these erratum packages, which contain Firefox version 1.5.0.10 that corrects these issues.

This update brings Mozilla Firefox to security update version 2.0.0.2.

  - MFSA 2007-01: As part of the Firefox 2.0.0.2 and     1.5.0.10 update releases several bugs were fixed to     improve the stability of the browser. Some of these were     crashes that showed evidence of memory corruption and we     presume that with enough effort at least some of these     could be exploited to run arbitrary code. These fixes     affected the layout engine (CVE-2007-0775), SVG renderer     (CVE-2007-0776) and JavaScript engine (CVE-2007-0777).

  - MFSA 2007-02: Various enhancements were done to make XSS     exploits against websites less effective. These included     fixes for invalid trailing characters (CVE-2007-0995),     child frame character set inheritance (CVE-2007-0996),     password form injection (CVE-2006-6077), and the Adobe     Reader universal XSS problem.

  - MFSA 2007-03/CVE-2007-0778: AAd reported a potential     disk cache collision that could be exploited by remote     attackers to steal confidential data or execute code.

  - MFSA 2007-04/CVE-2007-0779: David Eckel reported that     browser UI elements--such as the host name and security     indicators--could be spoofed by using a large, mostly     transparent, custom cursor and adjusting the CSS3     hotspot property so that the visible part of the cursor     floated outside the browser content area.

  - MFSA 2007-05: Manually opening blocked popups could be     exploited by remote attackers to allow XSS attacks     (CVE-2007-0780) or to execute code in local files     (CVE-2007-0800).

  - MFSA 2007-06: Two buffer overflows were found in the NSS     handling of Mozilla.

    CVE-2007-0008: SSL clients such as Firefox and     Thunderbird can suffer a buffer overflow if a malicious     server presents a certificate with a public key that is     too small to encrypt the entire 'Master Secret'.
    Exploiting this overflow appears to be unreliable but     possible if the SSLv2 protocol is enabled.

    CVE-2007-0009: Servers that use NSS for the SSLv2     protocol can be exploited by a client that presents a     'Client Master Key' with invalid length values in any of     several fields that are used without adequate error     checking. This can lead to a buffer overflow that     presumably could be exploitable.

  - MFSA 2007-06/CVE-2007-0981: Michal Zalewski demonstrated     that setting location.hostname to a value with embedded     null characters can confuse the browsers domain checks.
    Setting the value triggers a load, but the networking     software reads the hostname only up to the null     character while other checks for 'parent domain' start     at the right and so can have a completely different idea     of what the current host is.

This security update brings Mozilla SeaMonkey to version 1.1.1.

http://www.mozilla.org/projects/security/known-vulnerabilities.html for more details.

It includes fixes to the following security problems :

  - MFSA 2007-01: As part of the Firefox 2.0.0.2 and     1.5.0.10 update releases several bugs were fixed to     improve the stability of the browser. Some of these were     crashes that showed evidence of memory corruption and we     presume that with enough effort at least some of these     could be exploited to run arbitrary code. These fixes     affected the layout engine (CVE-2007-0775), SVG renderer     (CVE-2007-0776) and JavaScript engine (CVE-2007-0777).

  - MFSA 2007-02: Various enhancements were done to make XSS     exploits against websites less effective. These included     fixes for invalid trailing characters (CVE-2007-0995),     child frame character set inheritance (CVE-2007-0996),     password form injection (CVE-2006-6077), and the Adobe     Reader universal XSS problem.

  - MFSA 2007-03/CVE-2007-0778: AAd reported a potential     disk cache collision that could be exploited by remote     attackers to steal confidential data or execute code.

  - MFSA 2007-04/CVE-2007-0779: David Eckel reported that     browser UI elements--such as the host name and security     indicators--could be spoofed by using a large, mostly     transparent, custom cursor and adjusting the CSS3     hotspot property so that the visible part of the cursor     floated outside the browser content area.

  - MFSA 2007-05: Manually opening blocked popups could be     exploited by remote attackers to allow XSS attacks     (CVE-2007-0780) or to execute code in local files     (CVE-2007-0800).

  - MFSA 2007-06: Two buffer overflows were found in the NSS     handling of Mozilla.

    CVE-2007-0008: SSL clients such as Firefox and     Thunderbird can suffer a buffer overflow if a malicious     server presents a certificate with a public key that is     too small to encrypt the entire 'Master Secret'.
    Exploiting this overflow appears to be unreliable but     possible if the SSLv2 protocol is enabled.

    CVE-2007-0009: Servers that use NSS for the SSLv2     protocol can be exploited by a client that presents a     'Client Master Key' with invalid length values in any of     several fields that are used without adequate error     checking. This can lead to a buffer overflow that     presumably could be exploitable.

  - MFSA 2007-06/CVE-2007-0981: Michal Zalewski demonstrated     that setting location.hostname to a value with embedded     null characters can confuse the browsers domain checks.
    Setting the value triggers a load, but the networking     software reads the hostname only up to the null     character while other checks for 'parent domain' start     at the right and so can have a completely different idea     of what the current host is.

This update brings Mozilla Firefox to security update version 1.5.0.10.

  - As part of the Firefox 2.0.0.2 and 1.5.0.10 update     releases several bugs were fixed to improve the     stability of the browser. Some of these were crashes     that showed evidence of memory corruption and we presume     that with enough effort at least some of these could be     exploited to run arbitrary code. These fixes affected     the layout engine (CVE-2007-0775), SVG renderer     (CVE-2007-0776) and JavaScript engine. (CVE-2007-0777).
    (MFSA 2007-01)

  - Various enhancements were done to make XSS exploits     against websites less effective. These included fixes     for invalid trailing characters (CVE-2007-0995), child     frame character set inheritance (CVE-2007-0996),     password form injection (CVE-2006-6077), and the Adobe     Reader universal XSS problem. (MFSA 2007-02)

  - AAd reported a potential disk cache collision that could     be exploited by remote attackers to steal confidential     data or execute code. (MFSA 2007-03 / CVE-2007-0778)

  - David Eckel reported that browser UI elements--such as     the host name and security indicators--could be spoofed     by using a large, mostly transparent, custom cursor and     adjusting the CSS3 hotspot property so that the visible     part of the cursor floated outside the browser content     area. (MFSA 2007-04 / CVE-2007-0779)

  - Manually opening blocked popups could be exploited by     remote attackers to allow XSS attacks (CVE-2007-0780) or     to execute code in local files. (CVE-2007-0800). (MFSA     2007-05)

  - Two buffer overflows were found in the NSS handling of     Mozilla. (MFSA 2007-06)

  - SSL clients such as Firefox and Thunderbird can suffer a     buffer overflow if a malicious server presents a     certificate with a public key that is too small to     encrypt the entire 'Master Secret'. Exploiting this     overflow appears to be unreliable but possible if the     SSLv2 protocol is enabled. (CVE-2007-0008)

  - Servers that use NSS for the SSLv2 protocol can be     exploited by a client that presents a 'Client Master     Key' with invalid length values in any of several fields     that are used without adequate error checking. This can     lead to a buffer overflow that presumably could be     exploitable. (CVE-2007-0009)

  - Michal Zalewski demonstrated that setting     location.hostname to a value with embedded null     characters can confuse the browsers domain checks.
    Setting the value triggers a load, but the networking     software reads the hostname only up to the null     character while other checks for 'parent domain' start     at the right and so can have a completely different idea     of what the current host is. (MFSA 2007-06 /     CVE-2007-0981)

 The remote version of Mozilla Thunderbird suffers from various security issues, at least one of which may lead to execution of arbitrary code on the affected host subject to the user's privileges. 

The remote host is running LedgerSMB or SQL-Ledger, a web-based double-entry accounting system.  The version of LedgerSMB or SQL-Ledger on the remote host contains a design flaw that can be leveraged by a remote attacker to bypass authentication and can gain administrative access of the application.

Versions of Mozilla Firefox 1.5.x prior ot 1.5.0.10, or 2.x prior to 2.0.0.2 are affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.

The installed version of SeaMonkey contains various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.

The installed version of Firefox is affected by various security issues, some of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.

The remote version of Mozilla Thunderbird suffers from various security issues, at least one of which may lead to execution of arbitrary code on the affected host subject to the user's privileges.

ID	Name	Product	Family	Published	Updated	Severity
24704	CentOS 4 : firefox (CESA-2007:0079)	Nessus	CentOS Local Security Checks	2/26/2007	1/4/2021	high
27118	openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-2647)	Nessus	SuSE Local Security Checks	10/17/2007	1/14/2021	high
27439	openSUSE 10 Security Update : seamonkey (seamonkey-2691)	Nessus	SuSE Local Security Checks	10/17/2007	1/14/2021	high
29359	SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 2683)	Nessus	SuSE Local Security Checks	12/13/2007	1/14/2021	high
3931	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities (deprecated)	Nessus Network Monitor	SMTP Clients	3/2/2007	3/6/2019	medium
3942	LedgerSMB / SQL-Ledger Authentication Bypass	Nessus Network Monitor	Web Servers	3/12/2007	3/6/2019	medium
3922	Mozilla Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	2/26/2007	3/6/2019	medium
3927	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	2/28/2007	3/6/2019	medium
800760	Firefox < 1.5.0.10 / 2.0.0.2 Multiple Vulnerabilities	Log Correlation Engine	Web Clients			high
800879	SeaMonkey < 1.0.8 Multiple Vulnerabilities	Log Correlation Engine	Web Clients			high
801328	Mozilla Thunderbird < 1.5.0.10 Multiple Vulnerabilities	Log Correlation Engine	SMTP Clients			high

Detections

Analytics

Plugins Search

high

high

high

high

medium

medium

medium

medium

high

high

high