Updated firefox & thunderbird packages fix security vulnerabilities
Publication date: 05 Sep 2014Modification date: 05 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1562 , CVE-2014-1567
Description
Updated firefox and thunderbird packages fix security vulnerabilities:
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running it (CVE-2014-1562, CVE-2014-1567).
References
- https://bugs.mageia.org/show_bug.cgi?id=14043
- https://www.mozilla.org/security/announce/2014/mfsa2014-67.html
- https://www.mozilla.org/security/announce/2014/mfsa2014-72.html
- https://www.mozilla.org/security/known-vulnerabilities/firefoxESR.html
- https://www.mozilla.org/security/known-vulnerabilities/thunderbird.html
- https://rhn.redhat.com/errata/RHSA-2014-1144.html
- https://rhn.redhat.com/errata/RHSA-2014-1145.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1562
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1567
SRPMS
4/core
- rootcerts-20140805.00-1.mga4
- nspr-4.10.7-1.mga4
- nss-3.17.0-1.mga4
- firefox-24.8.0-1.mga4
- firefox-l10n-24.8.0-1.mga4
- thunderbird-24.8.0-1.mga4
- thunderbird-l10n-24.8.0-1.mga4
3/core
- rootcerts-20140805.00-1.mga3
- nspr-4.10.7-1.mga3
- nss-3.17.0-1.mga3
- firefox-24.8.0-1.mga3
- firefox-l10n-24.8.0-1.mga3
- thunderbird-24.8.0-1.mga3
- thunderbird-l10n-24.8.0-1.mga3