Advisories » MGASA-2014-0293

Updated nss, firefox and thunderbird packages fix security vulnerabilities

Publication date: 26 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1544 , CVE-2014-1547 , CVE-2014-1555 , CVE-2014-1556 , CVE-2014-1557

Description

A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application (CVE-2014-1544).

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running it (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557).

The rootcerts and nss packages have been updated to NSS 3.16.3, and the
firefox and thunderbird packages have been updated to version 24.7.0, fixing
these issues.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=13790
• https://www.mozilla.org/security/announce/2014/mfsa2014-56.html
• https://www.mozilla.org/security/announce/2014/mfsa2014-61.html
• https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
• https://www.mozilla.org/security/announce/2014/mfsa2014-63.html
• https://www.mozilla.org/security/announce/2014/mfsa2014-64.html
• http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
• http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
• https://rhn.redhat.com/errata/RHSA-2014-0919.html
• https://rhn.redhat.com/errata/RHSA-2014-0918.html
• https://rhn.redhat.com/errata/RHSA-2014-0917.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557

SRPMS

3/core

• firefox-24.7.0-1.mga3
• firefox-l10n-24.7.0-1.mga3
• nss-3.16.3-1.mga3
• rootcerts-20140703.00-1.mga3
• thunderbird-24.7.0-1.mga3
• thunderbird-l10n-24.7.0-1.mga3

4/core

• firefox-24.7.0-1.mga4
• firefox-l10n-24.7.0-1.mga4
• nss-3.16.3-1.mga4
• rootcerts-20140703.00-1.mga4
• thunderbird-24.7.0-1.mga4
• thunderbird-l10n-24.7.0-1.mga4