Gentoo FoundationMGASA-2015-0477Updated firefox packages fix security vulnerabilities
0.057 Low
EPSS
Percentile
93.3%
Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7201). Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7205). Looben Yang discovered a use-after-free in WebRTC when closing channels in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7210). Abhishek Arya discovered an integer overflow when allocating large textures. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7212). Ronald Crane dicovered an integer overflow when processing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7213). Tsubasa Iinuma discovered a way to bypass same-origin restrictions using data: and view-source: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information and read local files (CVE-2015-7214). Gerald Squelart discovered an integer underflow in the libstagefright library when parsing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7222).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 5 | noarch | nspr | < 4.11-1 | nspr-4.11-1.mga5 |
| Mageia | 5 | noarch | nss | < 3.21.0-1 | nss-3.21.0-1.mga5 |
| Mageia | 5 | noarch | firefox | < 38.5.0-1 | firefox-38.5.0-1.mga5 |
| Mageia | 5 | noarch | firefox-l10n | < 38.5.0-1 | firefox-l10n-38.5.0-1.mga5 |
References
www.ubuntu.com/usn/usn-2833-1/
bugs.mageia.org/show_bug.cgi?id=17337
www.mozilla.org/en-US/security/advisories/mfsa2015-134/
www.mozilla.org/en-US/security/advisories/mfsa2015-138/
www.mozilla.org/en-US/security/advisories/mfsa2015-139/
www.mozilla.org/en-US/security/advisories/mfsa2015-145/
www.mozilla.org/en-US/security/advisories/mfsa2015-146/
www.mozilla.org/en-US/security/advisories/mfsa2015-147/
www.mozilla.org/en-US/security/advisories/mfsa2015-149/
www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
Related
