Advisories:rPSA-2007-0225

From rPath Wiki

rPath Security Advisory 2007-0225-3

Published: 2007-10-26

Updated

1. 2007-10-29 added thunderbird update
2. 2007-10-31 corrected file permissions in firefox

Products

• rPath Linux 1

Rating

Major

Exposure Level Classification

Indirect User Deterministic Unauthorized Access

Updated Versions

• firefox=conary.rpath.com@rpl:1/2.0.0.8-0.2-1
• thunderbird=conary.rpath.com@rpl:1/2.0.0.6-0.2-1

rPath Issue Tracking System

• RPL-1858
• RPL-1884

References

• CVE-2006-2894
• CVE-2007-1095
• CVE-2007-2292
• CVE-2007-3511
• CVE-2007-5334
• CVE-2007-5337
• CVE-2007-5338
• CVE-2007-5339
• CVE-2007-5340

Description

Previous versions of the firefox package are vulnerable to several

types of attacks, some of which are understood to allow compromised

or malicious sites to run arbitrary code as the user running firefox.

29 October 2007 Update: related vulnerabilities have also been fixed

in the thunderbird package.

31 October 2007 Update: corrected some file permissions in the

firefox update.

Copyright 2007 rPath, Inc. This file is distributed under the terms of the MIT License. A copy is available at http://www.rpath.com/permanent/mit-license.html