Updated firefox and thunderbird packages fix security vulnerabilities

2015-02-2611:26:53

Gentoo Foundation

advisories.mageia.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.062 Low

EPSS

Percentile

93.5%

JSON

Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827). An information leak flaw was found in the way Firefox and Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file (CVE-2015-0822).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchnspr< 4.10.8-1nspr-4.10.8-1.mga4
Mageia4noarchnss< 3.17.4-1nss-3.17.4-1.mga4
Mageia4noarchfirefox< 31.5.0-1firefox-31.5.0-1.mga4
Mageia4noarchfirefox-l10n< 31.5.0-1firefox-l10n-31.5.0-1.mga4
Mageia4noarchthunderbird< 31.5.0-1thunderbird-31.5.0-1.mga4
Mageia4noarchthunderbird-l10n< 31.5.0-1thunderbird-l10n-31.5.0-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	nspr	< 4.10.8-1	nspr-4.10.8-1.mga4
Mageia	4	noarch	nss	< 3.17.4-1	nss-3.17.4-1.mga4
Mageia	4	noarch	firefox	< 31.5.0-1	firefox-31.5.0-1.mga4
Mageia	4	noarch	firefox-l10n	< 31.5.0-1	firefox-l10n-31.5.0-1.mga4
Mageia	4	noarch	thunderbird	< 31.5.0-1	thunderbird-31.5.0-1.mga4
Mageia	4	noarch	thunderbird-l10n	< 31.5.0-1	thunderbird-l10n-31.5.0-1.mga4