[FEDORA-2008-8425] Fedora 9: firefox, xulrunner, cairo-dock, devhelp, blam & 16 more

Severity High
Affected Packages 21
CVEs 10

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-4067, CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.2.[1] All Firefox users should upgrade to these updated packages, which contain patches that correct these issues.

[1] http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.2

ID FEDORA-2008-8425
Severity high
Severity from CVE-2008-4061
URL https://bodhi.fedoraproject.org/updates/FEDORA-2008-8425
Published 2008-09-28T18:40:02 (16 years ago)
Modified 2008-09-28T18:40:02 (16 years ago)
Rights Copyright 2008 Red Hat, Inc.

Other Advisories
Source # ID Name URL
Bugzilla 449279 Bug #449279 - totem-video-thumbnailer fails to work with flash video files https://bugzilla.redhat.com/show_bug.cgi?id=449279

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/yelp?distro=fedora-9 | fedora | yelp | < 2.22.1.5.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/xulrunner?distro=fedora-9 | fedora | xulrunner | < 1.9.0.2.1.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/totem?distro=fedora-9 | fedora | totem | < 2.23.2.7.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/ruby-gnome2?distro=fedora-9 | fedora | ruby-gnome2 | < 0.17.0.2.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/mugshot?distro=fedora-9 | fedora | mugshot | < 1.2.2.2.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/mozvoikko?distro=fedora-9 | fedora | mozvoikko | < 0.9.5.3.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/Miro?distro=fedora-9 | fedora | Miro | < 1.2.4.3.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/kazehakase?distro=fedora-9 | fedora | kazehakase | < 0.5.5.1.fc9.1 | fedora-9 | | |
| Affected | pkg:rpm/fedora/gtkmozembedmm?distro=fedora-9 | fedora | gtkmozembedmm | < 1.4.2.cvs20060817.21.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/google-gadgets?distro=fedora-9 | fedora | google-gadgets | < 0.10.1.5.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/gnome-web-photo?distro=fedora-9 | fedora | gnome-web-photo | < 0.3.14.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/gnome-python2-extras?distro=fedora-9 | fedora | gnome-python2-extras | < 2.19.1.18.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/galeon?distro=fedora-9 | fedora | galeon | < 2.0.5.3.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/firefox?distro=fedora-9 | fedora | firefox | < 3.0.2.1.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/evolution-rss?distro=fedora-9 | fedora | evolution-rss | < 0.1.0.3.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/epiphany?distro=fedora-9 | fedora | epiphany | < 2.22.2.4.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/epiphany-extensions?distro=fedora-9 | fedora | epiphany-extensions | < 2.22.1.4.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/devhelp?distro=fedora-9 | fedora | devhelp | < 0.19.1.4.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/chmsee?distro=fedora-9 | fedora | chmsee | < 1.0.1.5.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/cairo-dock?distro=fedora-9 | fedora | cairo-dock | < 1.6.2.3.1.fc9.1 | fedora-9 | | |
| Affected | pkg:rpm/fedora/blam?distro=fedora-9 | fedora | blam | < 1.8.5.2.fc9 | fedora-9 | | |