Описание
ELSA-2013-1140: firefox security update (CRITICAL)
firefox [17.0.8-1.0.1.el6_4]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat ones
[17.0.8-1]
- Update to 17.0.8 ESR
xulrunner [17.0.8-3.0.1.el6_4]
- Replaced xulrunner-redhat-default-prefs.js with xulrunner-oracle-default-prefs.js
- Removed XULRUNNER_VERSION from SOURCE21
[17.0.8-3]
- Update to 17.0.8 ESR Build 2
[17.0.8-2]
- Added fix for rhbz#990921 - firefox does not build with required nss/nspr
[17.0.8-1]
- Update to 17.0.8 ESR
Обновленные пакеты
Oracle Linux 5
Oracle Linux ia64
firefox
17.0.8-1.0.1.el5_9
xulrunner
17.0.8-3.0.1.el5_9
xulrunner-devel
17.0.8-3.0.1.el5_9
Oracle Linux x86_64
firefox
17.0.8-1.0.1.el5_9
xulrunner
17.0.8-3.0.1.el5_9
xulrunner-devel
17.0.8-3.0.1.el5_9
Oracle Linux i386
firefox
17.0.8-1.0.1.el5_9
xulrunner
17.0.8-3.0.1.el5_9
xulrunner-devel
17.0.8-3.0.1.el5_9
Oracle Linux 6
Oracle Linux x86_64
firefox
17.0.8-1.0.1.el6_4
xulrunner
17.0.8-3.0.1.el6_4
xulrunner-devel
17.0.8-3.0.1.el6_4
Oracle Linux i686
firefox
17.0.8-1.0.1.el6_4
xulrunner
17.0.8-3.0.1.el6_4
xulrunner-devel
17.0.8-3.0.1.el6_4
Ссылки на источники
Связанные уязвимости
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document.
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly handle the interaction between FRAME elements and history, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors involving spoofing a relative location in a previously visited document.