Updated firefox packages that fix several security issues are now available
for CentOS Linux 4 and 5.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Mozilla Firefox is an open source Web browser.
A cross-site scripting flaw was found in the way Firefox handled the
jar: URI scheme. It was possible for a malicious website to leverage this
flaw and conduct a cross-site scripting attack against a user running
Several flaws were found in the way Firefox processed certain malformed web
content. A webpage containing malicious content could cause Firefox to
crash, or potentially execute arbitrary code as the user running Firefox.
A race condition existed when Firefox set the "window.location" property
for a webpage. This flaw could allow a webpage to set an arbitrary Referer
header, which may lead to a Cross-site Request Forgery (CSRF) attack
against websites that rely only on the Referer header for protection.
Users of Firefox are advised to upgrade to these updated packages, which
contain backported patches to resolve these issues.