Updated firefox package fixes security vulnerability
Publication date: 29 Aug 2015Modification date: 29 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-4497 , CVE-2015-4498
Description
Updated firefox packages fix security vulnerabilities:
A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox
(CVE-2015-4497).
A flaw was found in the way Firefox handled installation of add-ons.
An attacker could use this flaw to bypass the add-on installation prompt,
and trick the user into installing an add-on from a malicious source
(CVE-2015-4498).
References
- https://bugs.mageia.org/show_bug.cgi?id=16666
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498
- http://mozilla.6506.n7.nabble.com/ANNOUNCE-NSPR-4-10-9-Release-td343441.html
- https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-94/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-95/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://rhn.redhat.com/errata/RHSA-2015-1693.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498
SRPMS
4/core
- firefox-38.2.1-1.mga4
- firefox-l10n-38.2.1-1.mga4
- nspr-4.10.9-1.mga4
- nss-3.20.0-1.mga4
5/core
- firefox-38.2.1-1.mga5
- firefox-l10n-38.2.1-1.mga5
- nspr-4.10.9-1.mga5
- nss-3.20.0-1.mga5