Updated firefox and thunderbird packages fix security vulnerabilities
Publication date: 26 Feb 2015Modification date: 26 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0822 , CVE-2015-0827 , CVE-2015-0831 , CVE-2015-0836
Description
Updated firefox and thunderbird packages fix security vulnerabilities:
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running it (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827).
An information leak flaw was found in the way Firefox and Thunderbird
implemented autocomplete forms. An attacker able to trick a user into
specifying a local file in the form could use this flaw to access the
contents of that file (CVE-2015-0822).
References
- https://bugs.mageia.org/show_bug.cgi?id=15356
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
- https://rhn.redhat.com/errata/RHSA-2015-0265.html
- https://rhn.redhat.com/errata/RHSA-2015-0266.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0822
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0827
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0831
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0836
SRPMS
4/core
- nspr-4.10.8-1.mga4
- nss-3.17.4-1.mga4
- firefox-31.5.0-1.mga4
- firefox-l10n-31.5.0-1.mga4
- thunderbird-31.5.0-1.mga4
- thunderbird-l10n-31.5.0-1.mga4