Rapid7 Vulnerability & Exploit Database

RHSA-2008:1036: firefox security update




Mozilla Firefox is an open source Web browser.

Several flaws were found in the processing of malformed web content. A webpage containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2008-5500, CVE-2008-5501, CVE-2008-5502, CVE-2008-5511, CVE-2008-5512, CVE-2008-5513)

Several flaws were found in the way malformed content was processed. A website containing specially-crafted content could potentially trick a Firefox user into surrendering sensitive information. (CVE-2008-5506, CVE-2008-5507)

A flaw was found in the way Firefox stored attributes in XML User Interface Language (XUL) elements. A web site could use this flaw to track users across browser sessions, even if users did not allow the site to store cookies in the victim's browser. (CVE-2008-5505)

A flaw was found in the way malformed URLs were processed by Firefox. This flaw could prevent various URL sanitization mechanisms from properly parsing a malicious URL. (CVE-2008-5508)

A flaw was found in Firefox's CSS parser. A malicious web page could inject NULL characters into a CSS input string, possibly bypassing an application's script sanitization routines. (CVE-2008-5510)

For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.5. You can find a link to the Mozilla advisories in the References section.

Note: after the errata packages are installed, Firefox must be restarted for the update to take effect.

All firefox users should upgrade to these updated packages, which contain backported patches that correct these issues.


  • redhat-upgrade-firefox
  • redhat-upgrade-nspr
  • redhat-upgrade-nspr-devel
  • redhat-upgrade-nss
  • redhat-upgrade-nss-devel
  • redhat-upgrade-nss-pkcs11-devel
  • redhat-upgrade-nss-tools
  • redhat-upgrade-xulrunner
  • redhat-upgrade-xulrunner-devel
  • redhat-upgrade-xulrunner-devel-unstable
