[FEDORA-2008-9669] Fedora 9: xulrunner, firefox, epiphany, chmsee, devhelp & 16 more

Severity High
Affected Packages 21
CVEs 12

Updated firefox and xulrunner packages that fix various security issues are now
available for Fedora Core 9. This update has been rated as having critical
security impact by the Fedora Security Response Team.

Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code as the user running Firefox. (CVE-2008-0017,
CVE-2008-5014, CVE-2008-5016, CVE-2008-5017, CVE-2008-5018, CVE-2008-5019,
CVE-2008-5021)

Several flaws were found in the way malformed content was processed. A web site
containing specially-crafted content could potentially trick a Firefox user into
surrendering sensitive information. (CVE-2008-5022, CVE-2008-5023,
CVE-2008-5024)

A flaw was found in the way Firefox opened "file:" URIs. If a file: URI was
loaded in the same tab as a chrome or privileged "about:" page, the file: URI
could execute arbitrary code with the permissions of the user running Firefox.
(CVE-2008-5015)

For technical details regarding these flaws, please see the Mozilla security
advisories for Firefox 3.0.4[1]. All firefox users and users of packages
depending on xulrunner[2] should upgrade to these updated packages, which
contain patches that correct these issues.

[1] http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.4

[2] cairo-dock chmsee devhelp epiphany epiphany-extensions evolution-rss galeon
gnome-python2-extras gnome-web-photo google-gadgets gtkmozembedmm kazehakase
Miro mozvoikko mugshot ruby-gnome2 totem yelp

Provides Python bindings for libgdl on PPC64. This update fixes a build break.

ID: FEDORA-2008-9669
Severity: high
Severity from: CVE-2008-5014
URL: https://bodhi.fedoraproject.org/updates/FEDORA-2008-9669
Published: 2008-11-14T12:52:41
Modified: 2008-11-14T12:52:41
Rights: Copyright 2008 Red Hat, Inc.

Other Advisories

| Source | ID | Name | URL |
|---|---|---|---|
| Bugzilla | 470895 | Bug #470895 - CVE-2008-5022 Mozilla nsXMLHttpRequest::NotifyEventListeners() same-origin violation | https://bugzilla.redhat.com/show_bug.cgi?id=470895 |
| Bugzilla | 470881 | Bug #470881 - CVE-2008-5016 Mozilla crash with evidence of memory corruption | https://bugzilla.redhat.com/show_bug.cgi?id=470881 |
| Bugzilla | 470873 | Bug #470873 - CVE-2008-5014 Mozilla crash and remote code execution via __proto__ tampering | https://bugzilla.redhat.com/show_bug.cgi?id=470873 |
| Bugzilla | 470903 | Bug #470903 - CVE-2008-4582 Mozilla same origin policy bypass | https://bugzilla.redhat.com/show_bug.cgi?id=470903 |
| Bugzilla | 470889 | Bug #470889 - CVE-2008-5019 Mozilla XSS via session restore | https://bugzilla.redhat.com/show_bug.cgi?id=470889 |
| Bugzilla | 470902 | Bug #470902 - CVE-2008-5024 Mozilla parsing error in E4X default namespace | https://bugzilla.redhat.com/show_bug.cgi?id=470902 |
| Bugzilla | 470884 | Bug #470884 - CVE-2008-5018 Mozilla crash with evidence of memory corruption | https://bugzilla.redhat.com/show_bug.cgi?id=470884 |
| Bugzilla | 470892 | Bug #470892 - CVE-2008-0017 Mozilla buffer overflow in http-index-format parser | https://bugzilla.redhat.com/show_bug.cgi?id=470892 |
| Bugzilla | 470898 | Bug #470898 - CVE-2008-5023 Mozilla -moz-binding property bypasses security checks on codebase principals | https://bugzilla.redhat.com/show_bug.cgi?id=470898 |
| Bugzilla | 470894 | Bug #470894 - CVE-2008-5021 Mozilla crash and remote code execution in nsFrameManager | https://bugzilla.redhat.com/show_bug.cgi?id=470894 |
| Bugzilla | 470876 | Bug #470876 - CVE-2008-5015 Mozilla file: URIs inherit chrome privileges | https://bugzilla.redhat.com/show_bug.cgi?id=470876 |
| Bugzilla | 470883 | Bug #470883 - CVE-2008-5017 Mozilla crash with evidence of memory corruption | https://bugzilla.redhat.com/show_bug.cgi?id=470883 |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/yelp?distro=fedora-9 | fedora | yelp | < 2.22.1.6.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/xulrunner?distro=fedora-9 | fedora | xulrunner | < 1.9.0.4.1.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/totem?distro=fedora-9 | fedora | totem | < 2.23.2.8.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/seamonkey?distro=fedora-9 | fedora | seamonkey | < 1.1.13.1.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/ruby-gnome2?distro=fedora-9 | fedora | ruby-gnome2 | < 0.17.0.3.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/mugshot?distro=fedora-9 | fedora | mugshot | < 1.2.2.3.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/mozvoikko?distro=fedora-9 | fedora | mozvoikko | < 0.9.5.4.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/Miro?distro=fedora-9 | fedora | Miro | < 1.2.7.2.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/kazehakase?distro=fedora-9 | fedora | kazehakase | < 0.5.6.1.fc9.1 | fedora-9 | | |
| Affected | pkg:rpm/fedora/gtkmozembedmm?distro=fedora-9 | fedora | gtkmozembedmm | < 1.4.2.cvs20060817.22.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/google-gadgets?distro=fedora-9 | fedora | google-gadgets | < 0.10.1.5.fc9.1 | fedora-9 | | |
| Affected | pkg:rpm/fedora/gnome-web-photo?distro=fedora-9 | fedora | gnome-web-photo | < 0.3.15.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/gnome-python2-extras?distro=fedora-9 | fedora | gnome-python2-extras | < 2.19.1.21.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/galeon?distro=fedora-9 | fedora | galeon | < 2.0.7.3.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/firefox?distro=fedora-9 | fedora | firefox | < 3.0.4.1.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/evolution-rss?distro=fedora-9 | fedora | evolution-rss | < 0.1.0.4.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/epiphany?distro=fedora-9 | fedora | epiphany | < 2.22.2.5.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/epiphany-extensions?distro=fedora-9 | fedora | epiphany-extensions | < 2.22.1.5.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/devhelp?distro=fedora-9 | fedora | devhelp | < 0.19.1.6.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/chmsee?distro=fedora-9 | fedora | chmsee | < 1.0.1.6.fc9 | fedora-9 | | |
| Affected | pkg:rpm/fedora/cairo-dock?distro=fedora-9 | fedora | cairo-dock | < 1.6.3.1.1.fc9.1 | fedora-9 | | |