Solution
Please install the updated packages.
Insight
Mozilla Firefox is an open source web browser.
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0461, CVE-2012-0462, CVE-2012-0464)
Two flaws were found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files. A web page containing a malicious SVG image file could cause an information leak, or cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0456, CVE-2012-0457)
A flaw could allow a malicious site to bypass intended restrictions, possibly leading to a cross-site scripting (XSS) attack if a user were tricked into dropping a "javascript:" link onto a frame. (CVE-2012-0455)
It was found that the home page could be set to a "javascript:" link. If a user were tricked into setting such a home page by dragging a link to the home button, it could cause Firefox to repeatedly crash, eventually leading to arbitrary code execution with the privileges of the user running Firefox. (CVE-2012-0458)
A flaw was found in the way Firefox parsed certain web content containing "cssText". A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0459)
It was found that by using the DOM fullscreen API, untrusted content could bypass the mozRequestFullscreen security protections. A web page containing malicious web content could exploit this API flaw to cause user interface spoofing. (CVE-2012-0460)
A flaw was found in the way Firefox handled pages with multiple Content Security Policy (CSP) headers. This could lead to a cross-site scripting attack if used in conjunction with a website that has a header injection flaw. (CVE-2012-0451)
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 10.0.3 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.
This update also fixes the following bugs:
* When using the Traditional Chinese locale (zh-TW), a segmentation fault sometimes occurred when closing Firefox. (BZ#729632)
* Inputting any text in the Web Console (Tools -> Web Developer -> Web Console) caused Firefox to crash. (BZ#784048)
* The java-1.6.0-ibm-plugin and java-1.6.0-sun-plugin packages require the &q ...
Description truncated, for more information please check the Reference URL
Affected
firefox on CentOS 6
References
Updated on 2015-03-25
Severity
Classification
-
CVE: CVE-2012-0451, CVE-2012-0455, CVE-2012-0456, CVE-2012-0457, CVE-2012-0458, CVE-2012-0459, CVE-2012-0460, CVE-2012-0461, CVE-2012-0462, CVE-2012-0464
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C