Synopsis:     Critical: firefox security update
Advisory ID:  SLSA-2015:1207-1
Issue Date:   2015-07-03
CVE Numbers:  CVE-2015-2724
              CVE-2015-2725
              CVE-2015-2727
              CVE-2015-2728
              CVE-2015-2729
              CVE-2015-2731
              CVE-2015-2722
              CVE-2015-2733
              CVE-2015-2734
              CVE-2015-2735
              CVE-2015-2736
              CVE-2015-2737
              CVE-2015-2738
              CVE-2015-2739
              CVE-2015-2740
              CVE-2015-2741
              CVE-2015-2743
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727,
CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,
CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,
CVE-2015-2740)

It was found that Firefox skipped key-pinning checks when handling an error
that could be overridden by the user (for example an expired certificate
error). This flaw allowed a user to override a pinned certificate, which is
an action the user should not be able to perform. (CVE-2015-2741)

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined
with another vulnerability, it could allow execution of arbitrary code with
the privileges of the user running Firefox. (CVE-2015-2743)

After installing the update, Firefox must be restarted for the changes to
take effect.
--

SL5
  x86_64
    firefox-38.1.0-1.el5_11.i386.rpm
    firefox-38.1.0-1.el5_11.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
    firefox-debuginfo-38.1.0-1.el5_11.x86_64.rpm
  i386
    firefox-38.1.0-1.el5_11.i386.rpm
    firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
SL6
  x86_64
    firefox-38.1.0-1.el6_6.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm
    firefox-38.1.0-1.el6_6.i686.rpm
    firefox-debuginfo-38.1.0-1.el6_6.i686.rpm
  i386
    firefox-38.1.0-1.el6_6.i686.rpm
    firefox-debuginfo-38.1.0-1.el6_6.i686.rpm
SL7
  x86_64
    firefox-38.1.0-1.el7_1.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el7_1.x86_64.rpm
    firefox-38.1.0-1.el7_1.i686.rpm
    firefox-debuginfo-38.1.0-1.el7_1.i686.rpm

- Scientific Linux Development Team