Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2009-1095

Опубликовано: 12 июн. 2009
Источник: oracle-oval
Платформа: Oracle Linux 5

Описание

ELSA-2009-1095: firefox security update (CRITICAL)

firefox:

[3.0.11-2.0.1.el5_3]

  • Update firstrun and homepage URLs
  • Added firefox-oracle-default-prefs.js/firefox-oracle-default-bookmarks.html and removed the corresponding Red Hat ones
  • Added patch oracle-firefox-branding.patch

[3.0.11-2]

  • Update due to respin

[3.0.11-1]

  • Update to 3.0.11

xulrunner:

[1.9.0.11-3.0.1.el5_3]

  • Added xulrunner-oracle-default-prefs.js and removed the corresponding RedHat one

[1.9.0.11-3]

  • Added patch to fix #488570

[1.9.0.11-2]

  • Update due to respin

[1.9.0.11-1]

  • Update to 1.9.0.11

Обновленные пакеты

Oracle Linux 5

Oracle Linux x86_64

firefox

3.0.11-2.0.1.el5_3

xulrunner

1.9.0.11-3.0.1.el5_3

xulrunner-devel

1.9.0.11-3.0.1.el5_3

xulrunner-devel-unstable

1.9.0.11-3.0.1.el5_3

Oracle Linux i386

firefox

3.0.11-2.0.1.el5_3

xulrunner

1.9.0.11-3.0.1.el5_3

xulrunner-devel

1.9.0.11-3.0.1.el5_3

xulrunner-devel-unstable

1.9.0.11-3.0.1.el5_3

Связанные CVE

CVE-2009-1836
CVE-2009-1837
CVE-2009-1392
CVE-2009-1833
CVE-2009-1841
CVE-2009-1832
CVE-2009-1834
CVE-2009-1838
CVE-2009-1839
CVE-2009-1840
CVE-2009-1835

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2009-1836

ubuntu
около 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

redhat логотип

CVE-2009-1836

redhat
около 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

nvd логотип

CVE-2009-1836

nvd
около 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.

debian логотип

CVE-2009-1836

debian
около 16 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMon ...

github логотип

GHSA-xw48-x32w-4m9r

github
около 3 лет назад

Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 use the HTTP Host header to determine the context of a document provided in a non-200 CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.