slesp2-MozillaFirefoxSecurity update for Mozilla FirefoxSecurity update for Mozilla FirefoxMozillaFirefox was updated to the 3.0.13 release, fixing
some security issues and bugs:
MFSA 2009-44 / CVE-2009-2654: Security researcher Juan
Pablo Lopez Yacubian reported that an attacker could call
window.open() on an invalid URL which looks similar to a
legitimate URL and then use document.write() to place
content within the new document, appearing to have come
from the spoofed location. Additionally, if the spoofed
document was created by a document with a valid SSL
certificate, the SSL indicators would be carried over into
the spoofed document. An attacker could use these issues to
display misleading location and SSL information for a
malicious web page.
MFSA 2009-45 / CVE-2009-2662:The browser engine in Mozilla
Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via vectors related to the
TraceRecorder::snapshot function in js/src/jstracer.cpp,
and unspecified other vectors.
CVE-2009-2663 / MFSA 2009-45: libvorbis before r16182, as
used in Mozilla Firefox before 3.0.13 and 3.5.x before
3.5.2 and other products, allows context-dependent
attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code
via a crafted .ogg file.
CVE-2009-2664 / MFSA 2009-45: The js_watch_set function in
js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla
Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote attackers to cause a denial of service (assertion
failure and application exit) or possibly execute arbitrary
code via a crafted .js file, related to a "memory safety
bug."
MozillaFirefox was updated to the 3.0.13 release, fixing
some security issues and bugs:
MFSA 2009-44 / CVE-2009-2654: Security researcher Juan
Pablo Lopez Yacubian reported that an attacker could call
window.open() on an invalid URL which looks similar to a
legitimate URL and then use document.write() to place
content within the new document, appearing to have come
from the spoofed location. Additionally, if the spoofed
document was created by a document with a valid SSL
certificate, the SSL indicators would be carried over into
the spoofed document. An attacker could use these issues to
display misleading location and SSL information for a
malicious web page.
MFSA 2009-45 / CVE-2009-2662:The browser engine in Mozilla
Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute
arbitrary code via vectors related to the
TraceRecorder::snapshot function in js/src/jstracer.cpp,
and unspecified other vectors.
CVE-2009-2663 / MFSA 2009-45: libvorbis before r16182, as
used in Mozilla Firefox before 3.0.13 and 3.5.x before
3.5.2 and other products, allows context-dependent
attackers to cause a denial of service (memory corruption
and application crash) or possibly execute arbitrary code
via a crafted .ogg file.
CVE-2009-2664 / MFSA 2009-45: The js_watch_set function in
js/src/jsdbgapi.cpp in the JavaScript engine in Mozilla
Firefox before 3.0.13, and 3.5.x before 3.5.2, allows
remote attackers to cause a denial of service (assertion
failure and application exit) or possibly execute arbitrary
code via a crafted .js file, related to a "memory safety
bug."
securityMozillaFirefoxi58659e2ed04160ad9354cd5ab660c359a45e3770e95MozillaFirefox-branding-SLEDi58655ae4dff1ca3df883858c69318c0b4e611c044f1MozillaFirefox-translationsi586fa30bc3a44af9f8441386d0f4d898e19d5af6d99firefox3-atki58652d691806a59efda4a1694c034ac08d8f2de4204firefox3-cairoi586747c62639941ca156f520f1ef5cc881d4cfd8124firefox3-glib2i586fdadc0145691544b23f960fd08b546e4c9d13ecdfirefox3-gtk2i586ed61c3a74b623c9fba807f8df2b057763be65332firefox3-pangoi586eaa39dd59029fea6f871b21db47db93752e7451fmozilla-xulrunner190i5860ec0b25755cc536c889a5ec689b563d880aaaf98mozilla-xulrunner190-gnomevfsi586f39235d43aefe2842718c3c0dfdc6206ad2fb5efmozilla-xulrunner190-translationsi586cea7bea825b2900607ec91c13ed1c4764de5eb6e