Advisories ยป MGASA-2015-0331

Updated firefox package fixes security vulnerability

Publication date: 29 Aug 2015
Modification date: 29 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-4497 , CVE-2015-4498


Updated firefox packages fix security vulnerabilities:

A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox

A flaw was found in the way Firefox handled installation of add-ons.
An attacker could use this flaw to bypass the add-on installation prompt,
and trick the user into installing an add-on from a malicious source