[FEDORA-2010-18773] Fedora 14: firefox, perl-Gtk2-MozEmbed, gnome-web-photo, galeon, mozvoikko & 2 more

Severity High

Affected Packages 7

CVEs 12

Update to new upstream Firefox version 3.6.13, fixing multiple security issues detailed in the upstream advisories:

http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.13

Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.

Package	Affected Version
pkg:rpm/fedora/xulrunner?distro=fedora-14	< 1.9.2.13.1.fc14
pkg:rpm/fedora/perl-Gtk2-MozEmbed?distro=fedora-14	< 0.08.6.fc14.22
pkg:rpm/fedora/mozvoikko?distro=fedora-14	< 1.0.17.fc14.1
pkg:rpm/fedora/gnome-web-photo?distro=fedora-14	< 0.9.16.fc14.1
pkg:rpm/fedora/gnome-python2-extras?distro=fedora-14	< 2.25.3.26.fc14.1
pkg:rpm/fedora/galeon?distro=fedora-14	< 2.0.7.36.fc14.1
pkg:rpm/fedora/firefox?distro=fedora-14	< 3.6.13.1.fc14

ID

FEDORA-2010-18773

Severity

high

Severity from

CVE-2010-3766

URL

https://bodhi.fedoraproject.org/updates/FEDORA-2010-18773

Published

2010-12-10T20:27:49
(13 years ago)

Modified

2010-12-10T20:27:49
(13 years ago)

Rights

Other Advisories

Source	# ID	Name	URL
Bugzilla	660415	Bug #660415 - CVE-2010-3777 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)	https://bugzilla.redhat.com/show_bug.cgi?id=660415
Bugzilla	660431	Bug #660431 - CVE-2010-3767 Mozilla integer overflow vulnerability in NewIdArray (MFSA 2010-81)	https://bugzilla.redhat.com/show_bug.cgi?id=660431
Bugzilla	660429	Bug #660429 - CVE-2010-3766 Mozilla use-after-free error with nsDOMAttribute MutationObserver (MFSA 2010-80)	https://bugzilla.redhat.com/show_bug.cgi?id=660429
Bugzilla	660438	Bug #660438 - CVE-2010-3774 Mozilla location bar SSL spoofing using network error page (MFSA 2010-83)	https://bugzilla.redhat.com/show_bug.cgi?id=660438
Bugzilla	660420	Bug #660420 - CVE-2010-3768 Mozilla add support for OTS font sanitizer (MFSA 2010-78)	https://bugzilla.redhat.com/show_bug.cgi?id=660420
Bugzilla	660408	Bug #660408 - CVE-2010-3776 Mozilla miscellaneous memory safety hazards (MFSA 2010-74)	https://bugzilla.redhat.com/show_bug.cgi?id=660408
Bugzilla	660439	Bug #660439 - CVE-2010-3770 Mozilla XSS hazard in multiple character encodings (MFSA 2010-84)	https://bugzilla.redhat.com/show_bug.cgi?id=660439
Bugzilla	660417	Bug #660417 - CVE-2010-3771 Mozilla Chrome privilege escalation with window.open and <isindex> element (MFSA 2010-76)	https://bugzilla.redhat.com/show_bug.cgi?id=660417
Bugzilla	660435	Bug #660435 - CVE-2010-3773 Mozilla incomplete fix for CVE-2010-0179 (MFSA 2010-82)	https://bugzilla.redhat.com/show_bug.cgi?id=660435
Bugzilla	660419	Bug #660419 - CVE-2010-3772 Mozilla crash and remote code execution using HTML tags inside a XUL tree (MFSA 2010-77)	https://bugzilla.redhat.com/show_bug.cgi?id=660419
Bugzilla	660422	Bug #660422 - CVE-2010-3775 Mozilla Java security bypass from LiveConnect loaded via data: URL meta refresh (MFSA 2010-79)	https://bugzilla.redhat.com/show_bug.cgi?id=660422

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/fedora/xulrunner?distro=fedora-14	fedora	xulrunner	< 1.9.2.13.1.fc14	fedora-14
Affected	pkg:rpm/fedora/perl-Gtk2-MozEmbed?distro=fedora-14	fedora	perl-Gtk2-MozEmbed	< 0.08.6.fc14.22	fedora-14
Affected	pkg:rpm/fedora/mozvoikko?distro=fedora-14	fedora	mozvoikko	< 1.0.17.fc14.1	fedora-14
Affected	pkg:rpm/fedora/gnome-web-photo?distro=fedora-14	fedora	gnome-web-photo	< 0.9.16.fc14.1	fedora-14
Affected	pkg:rpm/fedora/gnome-python2-extras?distro=fedora-14	fedora	gnome-python2-extras	< 2.25.3.26.fc14.1	fedora-14
Affected	pkg:rpm/fedora/galeon?distro=fedora-14	fedora	galeon	< 2.0.7.36.fc14.1	fedora-14
Affected	pkg:rpm/fedora/firefox?distro=fedora-14	fedora	firefox	< 3.6.13.1.fc14	fedora-14

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date