Advisories ยป MGASA-2015-0131

Updated firefox & thunderbird packages fix security vulnerabilities

Publication date: 03 Apr 2015
Modification date: 03 Apr 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-0801 , CVE-2015-0807 , CVE-2015-0813 , CVE-2015-0815 , CVE-2015-0816

Description

Updated firefox and thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to crash
or, potentially, execute arbitrary code with the privileges of the user
running it (CVE-2015-0801, CVE-2015-0813, CVE-2015-0815).

A flaw was found in the Beacon interface implementation in Firefox and
Thunderbird. A web page containing malicious content could allow a remote
attacker to conduct a Cross-Site Request Forgery (CSRF) attack
(CVE-2015-0807).

A flaw was found in the way documents were loaded via resource URLs in, for
example, Firefox's PDF.js PDF file viewer. An attacker could use this flaw
to bypass certain restrictions and under certain conditions even execute
arbitrary code with the privileges of the user running Firefox or Thunderbird
(CVE-2015-0816)

References

SRPMS

4/core