SCIENTIFIC-LINUX-ERRATA Archives

July 2015

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

Subject:
From: Pat Riehecky <[log in to unmask]>
Reply To:
Date: Sat, 4 Jul 2015 01:10:48 +0000
Synopsis:          Critical: firefox security update
Advisory ID:       SLSA-2015:1207-1
Issue Date:        2015-07-03
CVE Numbers:       CVE-2015-2724
                   CVE-2015-2725
                   CVE-2015-2727
                   CVE-2015-2728
                   CVE-2015-2729
                   CVE-2015-2731
                   CVE-2015-2722
                   CVE-2015-2733
                   CVE-2015-2734
                   CVE-2015-2735
                   CVE-2015-2736
                   CVE-2015-2737
                   CVE-2015-2738
                   CVE-2015-2739
                   CVE-2015-2740
                   CVE-2015-2741
                   CVE-2015-2743
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722,
CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733,
CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738,
CVE-2015-2739, CVE-2015-2740)

It was found that Firefox skipped key-pinning checks when handling an
error that could be overridden by the user (for example an expired
certificate error). This flaw allowed a user to override a pinned
certificate, which is an action the user should not be able to perform.
(CVE-2015-2741)

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined
with another vulnerability, it could allow execution of arbitrary code
with the privileges of the user running Firefox. (CVE-2015-2743)

After installing the update, Firefox must be restarted for the
changes to take effect.
--

SL5
  x86_64
    firefox-38.1.0-1.el5_11.i386.rpm
    firefox-38.1.0-1.el5_11.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
    firefox-debuginfo-38.1.0-1.el5_11.x86_64.rpm
  i386
    firefox-38.1.0-1.el5_11.i386.rpm
    firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
SL6
  x86_64
    firefox-38.1.0-1.el6_6.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm
    firefox-38.1.0-1.el6_6.i686.rpm
    firefox-debuginfo-38.1.0-1.el6_6.i686.rpm
  i386
    firefox-38.1.0-1.el6_6.i686.rpm
    firefox-debuginfo-38.1.0-1.el6_6.i686.rpm
SL7
  x86_64
    firefox-38.1.0-1.el7_1.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el7_1.x86_64.rpm
    firefox-38.1.0-1.el7_1.i686.rpm
    firefox-debuginfo-38.1.0-1.el7_1.i686.rpm

- Scientific Linux Development Team
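
An added example, not part of the advisory or any Scientific Linux tooling: a patch-level check that classifies installed firefox builds against the fixed builds listed above. It assumes input lines in the form produced by `rpm -q --qf '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' firefox`, assumes equal epochs, and uses a simplified version of rpm's segment comparison; the function names and the sample inventory are constructed for illustration.

```python
import re

# Fixed builds (version, release) from the advisory's package list, per dist tag.
FIXED = {
    "el5": ("38.1.0", "1.el5_11"),
    "el6": ("38.1.0", "1.el6_6"),
    "el7": ("38.1.0", "1.el7_1"),
}

def vercmp(a, b):
    """Simplified rpmvercmp (no '~' or '^' handling). Returns -1, 0 or 1."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)   # runs of digits or runs of letters
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer than alpha
        if x.isdigit():
            x, y = int(x), int(y)             # compare numerically, so 10 > 6
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def check(nvra):
    """Classify one 'name-version-release.arch' string for the firefox package."""
    m = re.match(r"^firefox-([^-]+)-([^-]+)\.([^.]+)$", nvra)
    if not m:
        return "skip"                          # not the firefox package itself
    version, release, _arch = m.groups()
    dist = re.search(r"\.(el\d+)", release)
    if not dist or dist.group(1) not in FIXED:
        return "unknown-dist"                  # advisory lists no build for it
    fixed_version, fixed_release = FIXED[dist.group(1)]
    cmp = vercmp(version, fixed_version) or vercmp(release, fixed_release)
    return "vulnerable" if cmp < 0 else "patched"

# Constructed sample inventory, not taken from any real host.
SAMPLE = [
    "firefox-31.7.0-1.el6_6.x86_64",
    "firefox-38.0.1-2.el5_11.i386",
    "firefox-38.1.0-1.el7_1.x86_64",
    "firefox-debuginfo-38.1.0-1.el5_11.i386",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{check(line):13} {line}")
```

Because the advisory requires a browser restart, a host reported as patched can still have a pre-update Firefox process running.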
