Advisories » MGASA-2015-0268

Updated firefox package fixes security vulnerability

Publication date: 05 Jul 2015
Modification date: 09 Jul 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-2721 , CVE-2015-2722 , CVE-2015-2724 , CVE-2015-2728 , CVE-2015-2730 , CVE-2015-2733 , CVE-2015-2734 , CVE-2015-2735 , CVE-2015-2736 , CVE-2015-2737 , CVE-2015-2738 , CVE-2015-2739 , CVE-2015-2740 , CVE-2015-2743 , CVE-2015-4000

Description

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2015-2722, CVE-2015-2724, CVE-2015-2728,
CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737,
CVE-2015-2738, CVE-2015-2739, CVE-2015-2740).

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined
with another vulnerability, it could allow execution of arbitrary code
with the privileges of the user running Firefox (CVE-2015-2743).

A vulnerability in the TLS protocol allows a man-in-the-middle attacker to
downgrade vulnerable TLS connections using ephemeral Diffie-Hellman key
exchange to 512-bit export-grade cryptography. This vulnerability is known
as Logjam (CVE-2015-4000).

Security researcher Karthikeyan Bhargavan reported an issue in Network
Security Services (NSS) where the client allows for a ECDHE_ECDSA exchange
where the server does not send its ServerKeyExchange message instead of
aborting the handshake. Instead, the NSS client will take the EC key from
the ECDSA certificate. This violates the TLS protocol and also has some
security implications for forward secrecy. In this situation, the browser
thinks it is engaged in an ECDHE exchange, but has been silently
downgraded to a non-forward secret mixed-ECDH exchange instead. As a
result, if False Start is enabled, the browser will start sending data
encrypted under these non-forward-secret connection keys (CVE-2015-2721).

Mozilla community member Watson Ladd reported that the implementation of
Elliptical Curve Cryptography (ECC) multiplication for Elliptic Curve
Digital Signature Algorithm (ECDSA) signature validation in Network
Security Services (NSS) did not handle exceptional cases correctly. This
could potentially allow for signature forgery (CVE-2015-2730).

The nss package has been updated to version 3.19.2, which fixes issues
related to the minimum key sizes of finite field algorithms, including
CVE-2015-4000. It also fixes CVE-2015-2721 and CVE-2015-2730.

The Mageia 4 sqlite3 package has also been updated to version 3.8.10.2,
fixing an index corruption issue. Mageia 5 already shipped with version
3.8.10.2.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16232
• https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
• https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2_release_notes
• http://www.sqlite.org/releaselog/3_8_10_2.html
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-61/
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/
• https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
• https://rhn.redhat.com/errata/RHSA-2015-1185.html
• https://rhn.redhat.com/errata/RHSA-2015-1207.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2722
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2733
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000

SRPMS

4/core

• sqlite3-3.8.10.2-1.mga4
• nss-3.19.2-1.mga4
• firefox-38.1.0-1.mga4
• firefox-l10n-38.1.0-1.mga4

5/core

• nss-3.19.2-1.mga5
• firefox-38.1.0-1.mga5
• firefox-l10n-38.1.0-1.mga5