Solution
Please Install the Updated Packages.
Insight
Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.
A use-after-free flaw was found in the way Firefox removed nsDOMAttribute child nodes. In certain circumstances, due to the premature notification of AttributeChildRemoved, a malicious script could possibly use this flaw to cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2011-3659)
Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0442)
A flaw was found in the way Firefox parsed Ogg Vorbis media files. A web page containing a malicious Ogg Vorbis media file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0444)
A flaw was found in the way Firefox parsed certain Scalable Vector Graphics (SVG) image files that contained eXtensible Style Sheet Language Transformations (XSLT). A web page containing a malicious SVG image file could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2012-0449)
For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 3.6.26. You can find a link to the Mozilla advisories in the References section of this erratum.
All Firefox users should upgrade to these updated packages, which contain Firefox version 3.6.26, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
Affected
firefox on Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2011-3659, CVE-2011-3670, CVE-2012-0442, CVE-2012-0444, CVE-2012-0449 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities