Updated firefox & thunderbird packages fix multiple security vulnerabilities
Publication date: 11 Jun 2014Modification date: 11 Jun 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1533 , CVE-2014-1538 , CVE-2014-1541
Description
Updated firefox and thunderbird packages fix security vulnerabilities:
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running it (CVE-2014-1533, CVE-2014-1538, CVE-2014-1541).
References
- http://www.mozilla.org/security/announce/2014/mfsa2014-48.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-49.html
- http://www.mozilla.org/security/announce/2014/mfsa2014-52.html
- http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
- http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
- https://rhn.redhat.com/errata/RHSA-2014-0741.html
- https://rhn.redhat.com/errata/RHSA-2014-0742.html
- https://bugs.mageia.org/show_bug.cgi?id=13515
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1533
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1538
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1541
SRPMS
3/core
- rootcerts-20140401.00-1.mga3
- nspr-4.10.6-1.mga3
- nss-3.16.1-1.mga3
- firefox-24.6.0-1.mga3
- firefox-l10n-24.6.0-1.mga3
- thunderbird-24.6.0-1.mga3
- thunderbird-l10n-24.6.0-1.mga3
4/core
- rootcerts-20140401.00-1.mga4
- nspr-4.10.6-1.mga4
- nss-3.16.1-1.mga4
- firefox-24.6.0-1.mga4
- firefox-l10n-24.6.0-1.mga4
- thunderbird-24.6.0-1.mga4
- thunderbird-l10n-24.6.0-1.mga4