Updated nss, firefox and thunderbird packages fix security vulnerabilities
Publication date: 26 Jul 2014Modification date: 26 Jul 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1544 , CVE-2014-1547 , CVE-2014-1555 , CVE-2014-1556 , CVE-2014-1557
Description
A race condition was found in the way NSS verified certain certificates.
A remote attacker could use this flaw to crash an application using NSS or,
possibly, execute arbitrary code with the privileges of the user running
that application (CVE-2014-1544).
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running it (CVE-2014-1547, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557).
The rootcerts and nss packages have been updated to NSS 3.16.3, and the
firefox and thunderbird packages have been updated to version 24.7.0, fixing
these issues.
References
- https://bugs.mageia.org/show_bug.cgi?id=13790
- https://www.mozilla.org/security/announce/2014/mfsa2014-56.html
- https://www.mozilla.org/security/announce/2014/mfsa2014-61.html
- https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
- https://www.mozilla.org/security/announce/2014/mfsa2014-63.html
- https://www.mozilla.org/security/announce/2014/mfsa2014-64.html
- http://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
- http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
- https://rhn.redhat.com/errata/RHSA-2014-0919.html
- https://rhn.redhat.com/errata/RHSA-2014-0918.html
- https://rhn.redhat.com/errata/RHSA-2014-0917.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1547
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1555
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1556
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1557
SRPMS
3/core
- firefox-24.7.0-1.mga3
- firefox-l10n-24.7.0-1.mga3
- nss-3.16.3-1.mga3
- rootcerts-20140703.00-1.mga3
- thunderbird-24.7.0-1.mga3
- thunderbird-l10n-24.7.0-1.mga3
4/core
- firefox-24.7.0-1.mga4
- firefox-l10n-24.7.0-1.mga4
- nss-3.16.3-1.mga4
- rootcerts-20140703.00-1.mga4
- thunderbird-24.7.0-1.mga4
- thunderbird-l10n-24.7.0-1.mga4