
Scientific Linux alert SLSA-2015:1207-1 (firefox)

From:  Pat Riehecky <riehecky@fnal.gov>
To:  <scientific-linux-errata@listserv.fnal.gov>
Subject:  Security ERRATA Critical: firefox on SL5.x, SL6.x, SL7.x i386/x86_64
Date:  Sat, 4 Jul 2015 01:10:48 +0000
Message-ID:  <20150704011048.21714.89780@slpackages.fnal.gov>

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2015:1207-1
Issue Date: 2015-07-03
CVE Numbers: CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2731 CVE-2015-2722 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743
--

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740)

It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741)

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox. (CVE-2015-2743)

After installing the update, Firefox must be restarted for the changes to take effect.
--

SL5
  x86_64
    firefox-38.1.0-1.el5_11.i386.rpm
    firefox-38.1.0-1.el5_11.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
    firefox-debuginfo-38.1.0-1.el5_11.x86_64.rpm
  i386
    firefox-38.1.0-1.el5_11.i386.rpm
    firefox-debuginfo-38.1.0-1.el5_11.i386.rpm

SL6
  x86_64
    firefox-38.1.0-1.el6_6.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm
    firefox-38.1.0-1.el6_6.i686.rpm
    firefox-debuginfo-38.1.0-1.el6_6.i686.rpm
  i386
    firefox-38.1.0-1.el6_6.i686.rpm
    firefox-debuginfo-38.1.0-1.el6_6.i686.rpm

SL7
  x86_64
    firefox-38.1.0-1.el7_1.x86_64.rpm
    firefox-debuginfo-38.1.0-1.el7_1.x86_64.rpm
    firefox-38.1.0-1.el7_1.i686.rpm
    firefox-debuginfo-38.1.0-1.el7_1.i686.rpm

- Scientific Linux Development Team

