{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0115",
  "published": "2015-03-23T23:58:37Z",
  "modified": "2015-03-23T23:49:56Z",
  "summary": "Updated firefox packages fix security vulnerabilities",
  "details": "A flaw was discovered in the implementation of typed array bounds checking\nin the Javascript just-in-time compilation. If a user were tricked in to\nopening a specially crafted website, an attacked could exploit this to\nexecute arbitrary code with the privileges of the user invoking Firefox\n(CVE-2015-0817).\n\nMariusz Mlynski discovered a flaw in the processing of SVG format content\nnavigation. If a user were tricked in to opening a specially crafted\nwebsite, an attacker could exploit this to run arbitrary script in a\nprivileged context (CVE-2015-0818).\n\nThe firefox package has been updated to version 31.5.3 to fix these issues.\n\nAlso, the nss package has been updated to version 3.18, which enables TLS\nand DTLS 1.2, increases the default RSA key size created by certutil to 2048\nbits, and has some CA root certificate updates.\n",
  "upstream": [
    "CVE-2015-0817",
    "CVE-2015-0818"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0115.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=15555"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/"
    },
    {
      "type": "WEB",
      "url": "https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.18_release_notes"
    },
    {
      "type": "WEB",
      "url": "https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/usn-2538-1/"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "rootcerts",
        "purl": "pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "20150226.00-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "nss",
        "purl": "pkg:rpm/mageia/nss?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.18.0-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "firefox",
        "purl": "pkg:rpm/mageia/firefox?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "31.5.3-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    },
    {
      "package": {
        "ecosystem": "Mageia:4",
        "name": "firefox-l10n",
        "purl": "pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-4"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "31.5.3-1.mga4"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}