Advisories » MGASA-2017-0081

Updated firefox packages fix security vulnerability

Publication date: 23 Mar 2017
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410

Description

Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401,
CVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410,
CVE-2017-5405).

Also, the nss package has been updated to version 3.28.3, in which the
Next Protocol Negotiation (NPN) extension has been replaced by the
Application-Layer Protocol Negotiation (ALPN) extension and which now
supports the Finite Field Diffie-Hellman Ephemeral Parameters (FFDHE)
negotiation.

Due to the nss update, the sqlite3 package has been updated to version
3.10.2.

Additionally, an error in the nss package has been corrected, where it was
failing to build against the system rootcerts package and instead was
using a bundled version, which could have caused the rootcerts that NSS
used to be outdated at times (mga#20053).  The nss package has now been
built against the latest rootcerts, which have also been updated.

References

SRPMS

5/core