Synopsis:          Critical: firefox security update
Advisory ID:       SLSA-2015:0265-1
Issue Date:        2015-02-25
CVE Numbers:       CVE-2015-0836
                   CVE-2015-0831
                   CVE-2015-0827
                   CVE-2015-0822
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827)

An information leak flaw was found in the way Firefox implemented
autocomplete forms. An attacker able to trick a user into specifying a
local file in the form could use this flaw to access the contents of that
file. (CVE-2015-0822)

After installing the update, Firefox must be restarted for the changes
to take effect.
--

SL5
  x86_64
    firefox-31.5.0-1.el5_11.i386.rpm
    firefox-31.5.0-1.el5_11.x86_64.rpm
    firefox-debuginfo-31.5.0-1.el5_11.i386.rpm
    firefox-debuginfo-31.5.0-1.el5_11.x86_64.rpm
  i386
    firefox-31.5.0-1.el5_11.i386.rpm
    firefox-debuginfo-31.5.0-1.el5_11.i386.rpm
SL6
  x86_64
    firefox-31.5.0-1.el6_6.x86_64.rpm
    firefox-debuginfo-31.5.0-1.el6_6.x86_64.rpm
    firefox-31.5.0-1.el6_6.i686.rpm
    firefox-debuginfo-31.5.0-1.el6_6.i686.rpm
  i386
    firefox-31.5.0-1.el6_6.i686.rpm
    firefox-debuginfo-31.5.0-1.el6_6.i686.rpm
SL7
  x86_64
    firefox-31.5.0-2.el7_0.x86_64.rpm
    firefox-debuginfo-31.5.0-2.el7_0.x86_64.rpm
    xulrunner-31.5.0-1.el7_0.i686.rpm
    xulrunner-31.5.0-1.el7_0.x86_64.rpm
    xulrunner-debuginfo-31.5.0-1.el7_0.i686.rpm
    xulrunner-debuginfo-31.5.0-1.el7_0.x86_64.rpm
    firefox-31.5.0-2.el7_0.i686.rpm
    firefox-debuginfo-31.5.0-2.el7_0.i686.rpm
    xulrunner-devel-31.5.0-1.el7_0.i686.rpm
    xulrunner-devel-31.5.0-1.el7_0.x86_64.rpm

- Scientific Linux Development Team