Mageia alert MGASA-2016-0158 (firefox)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2016-0158: Updated firefox packages fix security vulnerabilities 
Date:
    	     
 
Fri, 29 Apr 2016 19:22:06 +0200
Message-ID:
    	     
 
<20160429172206.CA9199F641@duvel.mageia.org>
MGASA-2016-0158 - Updated firefox packages fix security vulnerabilities

Publication date: 29 Apr 2016
URL: http://advisories.mageia.org/MGASA-2016-0158.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-2805,
     CVE-2016-2806,
     CVE-2016-2807,
     CVE-2016-2808,
     CVE-2016-2814

Description:
Updated firefox packages fix security vulnerabilities:

Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox
(CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814).

References:
- https://bugs.mageia.org/show_bug.cgi?id=18278
- https://www.mozilla.org/en-US/security/advisories/mfsa201...
- https://www.mozilla.org/en-US/security/advisories/mfsa201...
- https://www.mozilla.org/en-US/security/advisories/mfsa201...
- https://www.mozilla.org/en-US/security/known-vulnerabilit...
- https://rhn.redhat.com/errata/RHSA-2016-0695.html
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2806
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2808
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2814

SRPMS:
- 5/core/firefox-38.8.0-1.mga5
- 5/core/firefox-l10n-38.8.0-1.mga5