Rapid7 Vulnerability & Exploit Database

RHSA-2008:0879: firefox security update




Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-4058, CVE-2008-4060, CVE-2008-4061, CVE-2008-4062, CVE-2008-4063, CVE-2008-4064)

Several flaws were found in the way malformed web content was displayed. A web page containing specially crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-4067, CVE-2008-4068)

A flaw was found in the way Firefox handles mouse click events. A web page containing specially crafted JavaScript code could move the content window while a mouse-button was pressed, causing any item under the pointer to be dragged. This could, potentially, cause the user to perform an unsafe drag-and-drop action. (CVE-2008-3837)

A flaw was found in Firefox that caused certain characters to be stripped from JavaScript code. This flaw could allow malicious JavaScript to bypass or evade script filters. (CVE-2008-4065)

For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.2. You can find a link to the Mozilla advisories in the References section.

All firefox users should upgrade to this updated package, which contains backported patches that correct these issues.


  • redhat-upgrade-devhelp
  • redhat-upgrade-devhelp-devel
  • redhat-upgrade-firefox
  • redhat-upgrade-nss
  • redhat-upgrade-nss-devel
  • redhat-upgrade-nss-pkcs11-devel
  • redhat-upgrade-nss-tools
  • redhat-upgrade-xulrunner
  • redhat-upgrade-xulrunner-devel
  • redhat-upgrade-xulrunner-devel-unstable
  • redhat-upgrade-yelp
