Advisories ยป MGASA-2014-0293

Updated nss, firefox and thunderbird packages fix security vulnerabilities

Publication date: 26 Jul 2014
Modification date: 26 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1544 , CVE-2014-1547 , CVE-2014-1555 , CVE-2014-1556 , CVE-2014-1557

Description

A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application (CVE-2014-1544).

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running it (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557).

The rootcerts and nss packages have been updated to NSS 3.16.3, and the
firefox and thunderbird packages have been updated to version 24.7.0, fixing
these issues.
                

References

SRPMS

3/core

4/core