Synopsis: Critical: firefox security update Advisory ID: SLSA-2014:0310-1 Issue Date: 2014-03-18 CVE Numbers: CVE-2014-1493 CVE-2014-1497 CVE-2014-1508 CVE-2014-1509 CVE-2014-1505 CVE-2014-1510 CVE-2014-1511 CVE-2014-1512 CVE-2014-1513 CVE-2014-1514 -- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511, CVE-2014-1512, CVE-2014-1513, CVE-2014-1514) Several information disclosure flaws were found in the way Firefox processed malformed web content. An attacker could use these flaws to gain access to sensitive information such as cross-domain content or protected memory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497, CVE-2014-1508, CVE-2014-1505) A memory corruption flaw was found in the way Firefox rendered certain PDF files. An attacker able to trick a user into installing a malicious extension could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1509) After installing the update, Firefox must be restarted for the changes to take effect. -- SL5 x86_64 firefox-24.4.0-1.el5_10.i386.rpm firefox-24.4.0-1.el5_10.x86_64.rpm firefox-debuginfo-24.4.0-1.el5_10.i386.rpm firefox-debuginfo-24.4.0-1.el5_10.x86_64.rpm i386 firefox-24.4.0-1.el5_10.i386.rpm firefox-debuginfo-24.4.0-1.el5_10.i386.rpm SL6 x86_64 firefox-24.4.0-1.el6_5.i686.rpm firefox-24.4.0-1.el6_5.x86_64.rpm firefox-debuginfo-24.4.0-1.el6_5.i686.rpm firefox-debuginfo-24.4.0-1.el6_5.x86_64.rpm i386 firefox-24.4.0-1.el6_5.i686.rpm firefox-debuginfo-24.4.0-1.el6_5.i686.rpm - Scientific Linux Development Team