sdkp2-MozillaFirefoxSecurity update for Mozilla FirefoxSecurity update for Mozilla FirefoxMozillaFirefox was updated to the 3.0.13 release, fixing
some security issues and bugs:
MFSA 2009-44 / CVE-2009-2654: Security researcher Juan
Pablo Lopez Yacubian reported that an attacker could call
window.open() on an invalid URL which looks similar to a
legitimate URL and then use document.write() to place
content within the new document, appearing to have come
from the spoofed location. Additionally, if the spoofed
document was created by a document with a valid SSL
certificate, the SSL indicators would be carried over into
the spoofed document. An attacker could use these issues to
display misleading location and SSL information for a
malicious web page.
MFSA 2009-45 / CVE-2009-2662:The browser engine in Mozilla
Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via vectors related to the
TraceRecorder::snapshot function in js/src/jstracer.cpp,
and unspecified other vectors.
CVE-2009-2663 / MFSA 2009-45: libvorbis before r16182, as
used in Mozilla Firefox before 3.0.13 and 3.5.x before
3.5.2 and other products, allows context-dependent
attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code
via a crafted .ogg file.
CVE-2009-2664 / MFSA 2009-45: The js_watch_set function in
js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla
Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote attackers to cause a denial of service (assertion
failure and application exit) or possibly execute arbitrary
code via a crafted .js file, related to a "memory safety
bug."
MozillaFirefox was updated to the 3.0.13 release, fixing
some security issues and bugs:
MFSA 2009-44 / CVE-2009-2654: Security researcher Juan
Pablo Lopez Yacubian reported that an attacker could call
window.open() on an invalid URL which looks similar to a
legitimate URL and then use document.write() to place
content within the new document, appearing to have come
from the spoofed location. Additionally, if the spoofed
document was created by a document with a valid SSL
certificate, the SSL indicators would be carried over into
the spoofed document. An attacker could use these issues to
display misleading location and SSL information for a
malicious web page.
MFSA 2009-45 / CVE-2009-2662:The browser engine in Mozilla
Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via vectors related to the
TraceRecorder::snapshot function in js/src/jstracer.cpp,
and unspecified other vectors.
CVE-2009-2663 / MFSA 2009-45: libvorbis before r16182, as
used in Mozilla Firefox before 3.0.13 and 3.5.x before
3.5.2 and other products, allows context-dependent
attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code
via a crafted .ogg file.
CVE-2009-2664 / MFSA 2009-45: The js_watch_set function in
js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla
Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote attackers to cause a denial of service (assertion
failure and application exit) or possibly execute arbitrary
code via a crafted .js file, related to a "memory safety
bug."
securityMozillaFirefox-branding-upstreami586926c78b70abdc96d0d63277ad16b19f63d324f83firefox3-atk-develx86_6446513b47ef321e7d0af37c4ad82c2e53776d64b5firefox3-atk-docx86_64c3d11d8c59fb044befcf01f08ad6f2886444bbfdfirefox3-cairo-develx86_64c0ff9ddb0564b3b61483a11b9a831dab5464b3b1firefox3-cairo-docx86_64f2f9b404ebebdab688bfc86acc6297e9f211d7a5firefox3-glib2-develx86_64df73a00a3dd24bcfe38daffc515d68079f8b8dbffirefox3-glib2-docx86_648da2275eecdfc9554c99df65720a024c28cc7379firefox3-gtk2-develx86_64bd8785f7d5cd6d231c4510b88f59500242846a64firefox3-gtk2-docx86_64fdcfad5836df7d5f3de58eca3a5af0d2495e5288firefox3-pango-develx86_64b2ca77798ca2d3c1f78f435a24c382c2d7ed43d1firefox3-pango-docx86_6447e804965bf7344727d2e14a42d2f1d1c0cefccdmozilla-xulrunner190-develx86_64ae786b19043096c1bf6375e0cdac64488e0903e4python-xpcom190x86_646f03d5ae34cc4cf125885eb59dbd3efefaf54c3f