[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1M4ELQ-0000aN-VW@titan.mandriva.com>
Date: Wed, 13 May 2009 15:18:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:111-1 ] firefox
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:111-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : firefox
Date : May 13, 2009
Affected: 2009.0
_______________________________________________________________________
Problem Description:
Security vulnerabilities have been discovered in previous
versions, and corrected in the latest Mozilla Firefox 3.x, version
3.0.10. (CVE-2009-1302, CVE-2009-1303, CVE-2009-1304, CVE-2009-1305,
CVE-2009-0652, CVE-2009-1306, CVE-2009-1307, CVE-2009-1308,
CVE-2009-1309, CVE-2009-1310, CVE-2009-1311, CVE-2009-1312,
CVE-2009-1313)
This update provides the latest Mozilla Firefox 3.x to correct
these issues.
Additionally, some packages which require so, have been rebuilt and
are being provided as updates.
Update:
The recent Mozilla Firefox update missed the Firefox language packs
for Mandriva Linux 2009. This update provides them, fixing the issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0652
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1313
http://www.mozilla.org/security/known-vulnerabilities/firefox30.html#firefox3.0.10
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
428c63f10fadf9d563ec2842125955eb 2009.0/i586/firefox-af-3.0.10-0.1mdv2009.0.i586.rpm
fabdad0d8036a5dc9d8e6cd0d6f587ef 2009.0/i586/firefox-ar-3.0.10-0.1mdv2009.0.i586.rpm
8dba866bf456bf6e8076a2e0fb1e45a2 2009.0/i586/firefox-be-3.0.10-0.1mdv2009.0.i586.rpm
6ee779a9d993a4c04650e0a23d681601 2009.0/i586/firefox-bg-3.0.10-0.1mdv2009.0.i586.rpm
c36835a0e2e9ff4e6b43defbeab6f787 2009.0/i586/firefox-bn-3.0.10-0.1mdv2009.0.i586.rpm
c440e6dbcf73db73403d08278be48936 2009.0/i586/firefox-ca-3.0.10-0.1mdv2009.0.i586.rpm
ac843b5e22e0e29094f3d6d059896850 2009.0/i586/firefox-cs-3.0.10-0.1mdv2009.0.i586.rpm
d524e266442215bd69577532b29848dd 2009.0/i586/firefox-cy-3.0.10-0.1mdv2009.0.i586.rpm
2cac493126fc4f6e50de0c9428303aac 2009.0/i586/firefox-da-3.0.10-0.1mdv2009.0.i586.rpm
1c288234043f76e349200d6650afd4a1 2009.0/i586/firefox-de-3.0.10-0.1mdv2009.0.i586.rpm
28a974d0e09b7d6eddecbf6ac7cf3fff 2009.0/i586/firefox-el-3.0.10-0.1mdv2009.0.i586.rpm
d2bb49a40f9626fe443ef5f2c73a4063 2009.0/i586/firefox-en_GB-3.0.10-0.1mdv2009.0.i586.rpm
7c94bab7d47bba06200b253408b922ab 2009.0/i586/firefox-eo-3.0.10-0.1mdv2009.0.i586.rpm
d98276d0f1a26ee892bd845b9ae66762 2009.0/i586/firefox-es_AR-3.0.10-0.1mdv2009.0.i586.rpm
208435a4d629bee649dc22440a174203 2009.0/i586/firefox-es_ES-3.0.10-0.1mdv2009.0.i586.rpm
bac010ff6be1a42cfbef6aff68a8380c 2009.0/i586/firefox-et-3.0.10-0.1mdv2009.0.i586.rpm
319256fe0b2e3fa32fb27b880fd12519 2009.0/i586/firefox-eu-3.0.10-0.1mdv2009.0.i586.rpm
9ac30eebf8c9505ba0c99158e372b303 2009.0/i586/firefox-fi-3.0.10-0.1mdv2009.0.i586.rpm
03560e30d2bd62520cf9665184c37f9d 2009.0/i586/firefox-fr-3.0.10-0.1mdv2009.0.i586.rpm
ae16ba2e645c66b80c893fecd5bb0866 2009.0/i586/firefox-fy-3.0.10-0.1mdv2009.0.i586.rpm
849c6cc485543fee318dd00d1e011b96 2009.0/i586/firefox-ga_IE-3.0.10-0.1mdv2009.0.i586.rpm
00c4f1e1c75be22c9749bcb6e19ee1a8 2009.0/i586/firefox-gl-3.0.10-0.1mdv2009.0.i586.rpm
80bb9fe95926ada2c82e50d4247acfff 2009.0/i586/firefox-gu_IN-3.0.10-0.1mdv2009.0.i586.rpm
db271c92cbc88a0750b5ab8b4b805c34 2009.0/i586/firefox-he-3.0.10-0.1mdv2009.0.i586.rpm
79ff9ecae9384330c16922406c51ffd6 2009.0/i586/firefox-hi-3.0.10-0.1mdv2009.0.i586.rpm
7e87efe5ddaf54e6966d1886a746dcfe 2009.0/i586/firefox-hu-3.0.10-0.1mdv2009.0.i586.rpm
add0fd84eb10233c260950b01a594595 2009.0/i586/firefox-id-3.0.10-0.1mdv2009.0.i586.rpm
bc52e2cb6e992d7fb27ac61be4047f35 2009.0/i586/firefox-is-3.0.10-0.1mdv2009.0.i586.rpm
7bb1d34c83b53b4a30dac101bcb7da1c 2009.0/i586/firefox-it-3.0.10-0.1mdv2009.0.i586.rpm
7a159b8384a18577b0ccc3aa0564fe33 2009.0/i586/firefox-ja-3.0.10-0.1mdv2009.0.i586.rpm
b67641682152447b0045a977011de2d0 2009.0/i586/firefox-ka-3.0.10-0.1mdv2009.0.i586.rpm
954202831867180681e99be7e9d5cbca 2009.0/i586/firefox-kn-3.0.10-0.1mdv2009.0.i586.rpm
309d434c54f9c9f54384b7addd7fecfa 2009.0/i586/firefox-ko-3.0.10-0.1mdv2009.0.i586.rpm
90ac6957b7aef991c472db9de707b7e1 2009.0/i586/firefox-ku-3.0.10-0.1mdv2009.0.i586.rpm
b5e27ae12543ab1eefb2864d51ef5f3b 2009.0/i586/firefox-lt-3.0.10-0.1mdv2009.0.i586.rpm
5262f12accb78398ae4f33d368b2d3c8 2009.0/i586/firefox-lv-3.0.10-0.1mdv2009.0.i586.rpm
87770cc2e9bffa12e0a9810b8c2264bf 2009.0/i586/firefox-mk-3.0.10-0.1mdv2009.0.i586.rpm
7f71f9c789c541e482f7dbc826b1e75d 2009.0/i586/firefox-mn-3.0.10-0.1mdv2009.0.i586.rpm
5ed115f431f83bc1710461172340cc5c 2009.0/i586/firefox-mr-3.0.10-0.1mdv2009.0.i586.rpm
94f7104e6c94b19528b68d7fec02b116 2009.0/i586/firefox-nb_NO-3.0.10-0.1mdv2009.0.i586.rpm
358ba12b0dd138d5a07e699b62c2e0c9 2009.0/i586/firefox-nl-3.0.10-0.1mdv2009.0.i586.rpm
316299848df0100cd7dbf9c3f40b957f 2009.0/i586/firefox-nn_NO-3.0.10-0.1mdv2009.0.i586.rpm
3c557eaa35fcb14b458389dab8e89956 2009.0/i586/firefox-oc-3.0.10-0.1mdv2009.0.i586.rpm
06b6728b585e436ae1a366ae45e99cab 2009.0/i586/firefox-pa_IN-3.0.10-0.1mdv2009.0.i586.rpm
eca2a2427556ed69b0ee5cf05b1eb946 2009.0/i586/firefox-pl-3.0.10-0.1mdv2009.0.i586.rpm
700b9b8705803e5b5cfdb450eb2d18f4 2009.0/i586/firefox-pt_BR-3.0.10-0.1mdv2009.0.i586.rpm
34f35eb9f2f5fb474bd369eaa3e25b41 2009.0/i586/firefox-pt_PT-3.0.10-0.1mdv2009.0.i586.rpm
1aa56aee2364433d1f86d1639703f11d 2009.0/i586/firefox-ro-3.0.10-0.1mdv2009.0.i586.rpm
8ad17c722f9e1156f0f0d1413961673a 2009.0/i586/firefox-ru-3.0.10-0.1mdv2009.0.i586.rpm
a35265f3dcf9d96685670efabebe87d3 2009.0/i586/firefox-si-3.0.10-0.1mdv2009.0.i586.rpm
40dae6edeff38b75a913bd2db75281b0 2009.0/i586/firefox-sk-3.0.10-0.1mdv2009.0.i586.rpm
209a8c7738fa61f9ccfb1292ac0454fd 2009.0/i586/firefox-sl-3.0.10-0.1mdv2009.0.i586.rpm
d9511239f8a809c1fa52069d80d86e9f 2009.0/i586/firefox-sq-3.0.10-0.1mdv2009.0.i586.rpm
caaaa484cab9070ce73bd05df6f0686b 2009.0/i586/firefox-sr-3.0.10-0.1mdv2009.0.i586.rpm
7c6b0bb2f85ed561baeed515e489c50c 2009.0/i586/firefox-sv_SE-3.0.10-0.1mdv2009.0.i586.rpm
e7e062eee2533692dc969580ee0afc9c 2009.0/i586/firefox-te-3.0.10-0.1mdv2009.0.i586.rpm
c3fcaa0ebe8018cd7a48cf7429a6f508 2009.0/i586/firefox-th-3.0.10-0.1mdv2009.0.i586.rpm
11e0e6016b3aa56faf6653be4afca38a 2009.0/i586/firefox-tr-3.0.10-0.1mdv2009.0.i586.rpm
46221144f9edcea10195d68013aa306f 2009.0/i586/firefox-uk-3.0.10-0.1mdv2009.0.i586.rpm
2d8125037fa940ac1af678a88f6159e0 2009.0/i586/firefox-zh_CN-3.0.10-0.1mdv2009.0.i586.rpm
ff8679f9794607e6a746024791575219 2009.0/i586/firefox-zh_TW-3.0.10-0.1mdv2009.0.i586.rpm
1054337c6d40a6cf130f7059724b4e4b 2009.0/SRPMS/firefox-l10n-3.0.10-0.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
258457851c723bb4cdd364e4743a3584 2009.0/x86_64/firefox-af-3.0.10-0.1mdv2009.0.x86_64.rpm
8e3c428f56b6df607a382a66b34c0c90 2009.0/x86_64/firefox-ar-3.0.10-0.1mdv2009.0.x86_64.rpm
116a63099398699fde88879070f4ce48 2009.0/x86_64/firefox-be-3.0.10-0.1mdv2009.0.x86_64.rpm
f51b22c0cdc236c65a5cc6183a973dec 2009.0/x86_64/firefox-bg-3.0.10-0.1mdv2009.0.x86_64.rpm
3ab96f66e8c4ba8c433dd33922b52a69 2009.0/x86_64/firefox-bn-3.0.10-0.1mdv2009.0.x86_64.rpm
aafd552bda0fac22cfeb3ee806dd4bab 2009.0/x86_64/firefox-ca-3.0.10-0.1mdv2009.0.x86_64.rpm
306ab5ea0fb84ee1e65583bf3c2987e4 2009.0/x86_64/firefox-cs-3.0.10-0.1mdv2009.0.x86_64.rpm
d11104e846f9595a79d60475815716b3 2009.0/x86_64/firefox-cy-3.0.10-0.1mdv2009.0.x86_64.rpm
56551fcffd2cdddc288472a2d602db54 2009.0/x86_64/firefox-da-3.0.10-0.1mdv2009.0.x86_64.rpm
7253128e7851d3713e8455c4cc5a2309 2009.0/x86_64/firefox-de-3.0.10-0.1mdv2009.0.x86_64.rpm
109e6f2e7dac22e0b2171ec5d05e078d 2009.0/x86_64/firefox-el-3.0.10-0.1mdv2009.0.x86_64.rpm
bab45adcc5b17c7859d0b40a5cdb1d8d 2009.0/x86_64/firefox-en_GB-3.0.10-0.1mdv2009.0.x86_64.rpm
1575ad3adf3c43762c48c0078b340854 2009.0/x86_64/firefox-eo-3.0.10-0.1mdv2009.0.x86_64.rpm
dddf6533ca6612de289353c984301128 2009.0/x86_64/firefox-es_AR-3.0.10-0.1mdv2009.0.x86_64.rpm
50b3e769444edf9a022c46b794cd4e0a 2009.0/x86_64/firefox-es_ES-3.0.10-0.1mdv2009.0.x86_64.rpm
da53bd9533860d698ba31fcfe43864c8 2009.0/x86_64/firefox-et-3.0.10-0.1mdv2009.0.x86_64.rpm
62f0494ed4f8ec3e70ffe336210ab5a7 2009.0/x86_64/firefox-eu-3.0.10-0.1mdv2009.0.x86_64.rpm
a6246bef4fd6867a3e100303280fcd6f 2009.0/x86_64/firefox-fi-3.0.10-0.1mdv2009.0.x86_64.rpm
e79b2e3b97d1ca86d5216c3587db2755 2009.0/x86_64/firefox-fr-3.0.10-0.1mdv2009.0.x86_64.rpm
baac4499ec49448578c45a6fe4b9e6ef 2009.0/x86_64/firefox-fy-3.0.10-0.1mdv2009.0.x86_64.rpm
e537484f39efc61f0ba8893ffd028b90 2009.0/x86_64/firefox-ga_IE-3.0.10-0.1mdv2009.0.x86_64.rpm
d56241d4771d4f3d268dcee41d02affb 2009.0/x86_64/firefox-gl-3.0.10-0.1mdv2009.0.x86_64.rpm
9b83b5370b86365486f46198625b822b 2009.0/x86_64/firefox-gu_IN-3.0.10-0.1mdv2009.0.x86_64.rpm
79cef5592e2c1507f1934f5a1cfdf4f1 2009.0/x86_64/firefox-he-3.0.10-0.1mdv2009.0.x86_64.rpm
b85e65c0fec12b11cff313c6c89bd7eb 2009.0/x86_64/firefox-hi-3.0.10-0.1mdv2009.0.x86_64.rpm
cee173655a5c7837fffcedda0a6a61c4 2009.0/x86_64/firefox-hu-3.0.10-0.1mdv2009.0.x86_64.rpm
e74fd5eba3f509cb8079acde1d59b4ec 2009.0/x86_64/firefox-id-3.0.10-0.1mdv2009.0.x86_64.rpm
8a6c41c86561e40e79d1cb8168e2eb99 2009.0/x86_64/firefox-is-3.0.10-0.1mdv2009.0.x86_64.rpm
261fea23c41776cae90872350bc4373c 2009.0/x86_64/firefox-it-3.0.10-0.1mdv2009.0.x86_64.rpm
31feb1619ffd6a790b0f05578d67b79c 2009.0/x86_64/firefox-ja-3.0.10-0.1mdv2009.0.x86_64.rpm
710db16d2abe8081875bc415fc19e68d 2009.0/x86_64/firefox-ka-3.0.10-0.1mdv2009.0.x86_64.rpm
9def35657fb3728cc278afd935855e1d 2009.0/x86_64/firefox-kn-3.0.10-0.1mdv2009.0.x86_64.rpm
8e668d4b602c3331a35a3f082584a4a5 2009.0/x86_64/firefox-ko-3.0.10-0.1mdv2009.0.x86_64.rpm
2d9b8cbcd122caedf7e48b64275f0ae8 2009.0/x86_64/firefox-ku-3.0.10-0.1mdv2009.0.x86_64.rpm
15bf192d4264faff185fb674104a0572 2009.0/x86_64/firefox-lt-3.0.10-0.1mdv2009.0.x86_64.rpm
b1a39c5e6ee027f820a6ab12ac8536f1 2009.0/x86_64/firefox-lv-3.0.10-0.1mdv2009.0.x86_64.rpm
2aaa1d49c0ba25f6e7353f546de8e872 2009.0/x86_64/firefox-mk-3.0.10-0.1mdv2009.0.x86_64.rpm
ddfff353e9158597a1f05d8684538a15 2009.0/x86_64/firefox-mn-3.0.10-0.1mdv2009.0.x86_64.rpm
a12226a3b68ebfa8f96836fa1da9201f 2009.0/x86_64/firefox-mr-3.0.10-0.1mdv2009.0.x86_64.rpm
78a72a996ede70c6f2b939370381c089 2009.0/x86_64/firefox-nb_NO-3.0.10-0.1mdv2009.0.x86_64.rpm
24402fa976b38e277d419e6e62143f2b 2009.0/x86_64/firefox-nl-3.0.10-0.1mdv2009.0.x86_64.rpm
17718338453a1ea9263269e9a91d6f1b 2009.0/x86_64/firefox-nn_NO-3.0.10-0.1mdv2009.0.x86_64.rpm
8ee74c9d82ed5f0c1087315dba51938c 2009.0/x86_64/firefox-oc-3.0.10-0.1mdv2009.0.x86_64.rpm
9273d5773e8e90960c8276eaf50db994 2009.0/x86_64/firefox-pa_IN-3.0.10-0.1mdv2009.0.x86_64.rpm
b0455ebf6902b3e944b6179c1682b6fe 2009.0/x86_64/firefox-pl-3.0.10-0.1mdv2009.0.x86_64.rpm
654e22f863ed0442578cf8bfa8e6b14e 2009.0/x86_64/firefox-pt_BR-3.0.10-0.1mdv2009.0.x86_64.rpm
e5dfcbca7d7c7b581deb3c51838e3ed7 2009.0/x86_64/firefox-pt_PT-3.0.10-0.1mdv2009.0.x86_64.rpm
fca939bd4cfc3042564931b066e9be18 2009.0/x86_64/firefox-ro-3.0.10-0.1mdv2009.0.x86_64.rpm
c5e966eca1ba5a99eb0d42ffb3a162c7 2009.0/x86_64/firefox-ru-3.0.10-0.1mdv2009.0.x86_64.rpm
1c83187f3052cc683a6932c2a835c437 2009.0/x86_64/firefox-si-3.0.10-0.1mdv2009.0.x86_64.rpm
9bb1eab01429b4d6a38f84f842b6b8bc 2009.0/x86_64/firefox-sk-3.0.10-0.1mdv2009.0.x86_64.rpm
70b59b3f110a3d6745202ab51a16c244 2009.0/x86_64/firefox-sl-3.0.10-0.1mdv2009.0.x86_64.rpm
27180ec7383f330d647e6ca6975d7d18 2009.0/x86_64/firefox-sq-3.0.10-0.1mdv2009.0.x86_64.rpm
fe1ce31dedf9c4061db8c2d6565c85b4 2009.0/x86_64/firefox-sr-3.0.10-0.1mdv2009.0.x86_64.rpm
1520424e6bfddd3c25fb9aa912f08307 2009.0/x86_64/firefox-sv_SE-3.0.10-0.1mdv2009.0.x86_64.rpm
a2b966a6416b366fe860de72dce1bfbb 2009.0/x86_64/firefox-te-3.0.10-0.1mdv2009.0.x86_64.rpm
0803f48aa31eab91c8b71f942007c7e1 2009.0/x86_64/firefox-th-3.0.10-0.1mdv2009.0.x86_64.rpm
b75a72861f5b942a496dabea5b3d9566 2009.0/x86_64/firefox-tr-3.0.10-0.1mdv2009.0.x86_64.rpm
68c9128ce5b1a302f7c77bff6b8ee17b 2009.0/x86_64/firefox-uk-3.0.10-0.1mdv2009.0.x86_64.rpm
b7be4e78992bddffa18ae7a78d53882b 2009.0/x86_64/firefox-zh_CN-3.0.10-0.1mdv2009.0.x86_64.rpm
d78d8595ace51ebd3999c246e9913255 2009.0/x86_64/firefox-zh_TW-3.0.10-0.1mdv2009.0.x86_64.rpm
1054337c6d40a6cf130f7059724b4e4b 2009.0/SRPMS/firefox-l10n-3.0.10-0.1mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKCp1mmqjQ0CJFipgRAntBAKCY8I97u4bg+51olIhxCTmkPMnVPACglKFk
tGgHPCCFzG03mmVCIvEh3bU=
=segW
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists