[FEDORA-2007-756] Fedora 6: firefox
Updated firefox packages that fix several security issues
are now available for Fedora Core 6.
This update has been rated as having critical security
impact by the Fedora Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox
handled the jar: URI scheme. It was possible for a malicious
website to leverage this flaw and conduct a cross-site
scripting attack against a user running Firefox. (CVE-2007-5947)
Several flaws were found in the way Firefox processed
certain malformed web content. A webpage containing
malicious content could cause Firefox to crash, or
potentially execute arbitrary code as the user running
Firefox. (CVE-2007-5959)
A race condition existed when Firefox set the
"window.location" property for a webpage. This flaw could
allow a webpage to set an arbitrary Referer header, which
may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for
protection. (CVE-2007-5960)
Users of Firefox are advised to upgrade to these updated
packages, which contain backported patches to resolve these
issues.
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/firefox?distro=fedora-6
|
< 1.5.0.12.7.fc6 |
- ID
- FEDORA-2007-756
- Severity
- high
- Severity from
- CVE-2007-5959
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2007-756
- Published
-
2007-12-03T15:43:57
(17 years ago) - Modified
-
2007-12-03T15:43:57
(17 years ago) - Rights
- Copyright 2007 Red Hat, Inc.
- Other Advisories
ELSA-2007-1082
FREEBSD:F1F6F6DA-9D2F-11DC-9114-001C2514716C
GLSA-200712-21
USN-546-1
VU:715737| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/firefox?distro=fedora-6 | fedora |
firefox
|
< 1.5.0.12.7.fc6 | fedora-6 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |