FLEA-2007-0039-1 firefox

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Foresight Linux Essential Advisory: 2007-0039-1 Published: 2007-08-01

Rating: Moderate

Updated Versions:

    firefox=/foresight.rpath.org@fl:1-devel//1/2.0.0.6-1-1     group-dist=/foresight.rpath.org@fl:1-devel//1/1.3.2-0.7-2

References:

    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3844
    
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3845
    
https://issues.rpath.com/browse/RPL-1600

Description:

    Previous versions of the firefox package are vulnerable to a flaw in     handling of "about:blank" windows. A malicious web server could exploit     this to steal sensitive information or modify contents of other open web     pages.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

    In addition, a malicious web server could execute helpers with arbitrary     arguments due to firefox's mishandling of certain types of characters when     launching external programs.

• ---

Copyright 2007 Foresight Linux Project
This file is distributed under the terms of the MIT License. A copy is available at http://www.foresightlinux.org/permanent/mit-license.html
-----BEGIN PGP SIGNATURE-----

Version: GnuPG v2.0.4 (GNU/Linux)

iQIVAwUBRrDY+NfwEn07iAtZAQJvFQ/+MnWWYwJMIfW9l2jOzLBIdOXtJJfVI+sw hRlf9Dj6bamB0vj1ntL4YPw6V2SQFKXkw92QFJwiyFcbC9l7np73eTNwJskR4VKb 5g8hKTdOjTEaU+VoJkUDSi/JA6RwRGJKn08+/ih7CuLkE8loYmFYbMiR+MxpbHoP u82IAbYKTD4WqMbXuy34MImedvVWby3GxHI01RgqGtDhN9BwvRzmYrip04QUFJwJ QP8xSlfNBkaL0e/7nTDmdWbAqhOYXPdxjQPG0cM9mp6omMnM0SIJ7Fm5UDGe69rb zQm9DFUiCJnyQC8ra40dvdloxmk2en/ZXFgh4rE+Ghw+U7U1/IciWMdboUhdc+QV NI3L/oyXkqSODIOBPehpUfpmg7aVuTXtrjlYugyR4NG5mx5XyQ6CaiZnhZy4c13V QznFZQ8ZJuA960z+jfEsO4y2K8hsQ0z3iFesHW/CiUM1qWKIEKwGV0Uw0m2mWBUF 0ik23yeCzfwm+gJGt4GVqFMK4CjbuVZrT0IsCn3daefiyxFAabNLQJ6XeQB9KwJI Jm6Nj5gPls1Vvip8VOu8QWoUkk9GkGQD1yX3YeyYRCrYAELhCZmbgrJz/NHnnDEF sk9ofgcFvqliOIrgzdFDmEJTP01O/d/TFOSiu+LX82dllRowIfcJLvW2ZvH2AvVN BBO5x3kCehA=
=2vlo
-----END PGP SIGNATURE-----
Received on Wed Aug 1 16:09:00 2007