Advisories ยป MGASA-2015-0089

Updated firefox and thunderbird packages fix security vulnerabilities

Publication date: 26 Feb 2015
Modification date: 26 Feb 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0822 , CVE-2015-0827 , CVE-2015-0831 , CVE-2015-0836


Updated firefox and thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running it (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827).

An information leak flaw was found in the way Firefox and Thunderbird
implemented autocomplete forms. An attacker able to trick a user into
specifying a local file in the form could use this flaw to access the
contents of that file (CVE-2015-0822).