Advisories » MGASA-2015-0305

Updated firefox package fixes CVE-2015-4495

Publication date: 07 Aug 2015
Modification date: 07 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-4495

Description

Updated firefox packages fix security vulnerability:

Security researcher Cody Crews reported on a way to violate the same origin
policy and inject script into a non-privileged part of the built-in PDF Viewer
in Firefox. This would allow an attacker to read and steal sensitive local
files on the victim's computer (CVE-2015-4495).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16550
• https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
• https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4495

SRPMS

5/core

• firefox-38.1.1-1.mga5
• firefox-l10n-38.1.1-1.mga5

4/core

• firefox-38.1.1-1.mga4
• firefox-l10n-38.1.1-1.mga4