CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.7%
Updated firefox and thunderbird packages fix security vulnerabilities: Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2015-0836, CVE-2015-0831, CVE-2015-0827). An information leak flaw was found in the way Firefox and Thunderbird implemented autocomplete forms. An attacker able to trick a user into specifying a local file in the form could use this flaw to access the contents of that file (CVE-2015-0822).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | nspr | < 4.10.8-1 | nspr-4.10.8-1.mga4 |
Mageia | 4 | noarch | nss | < 3.17.4-1 | nss-3.17.4-1.mga4 |
Mageia | 4 | noarch | firefox | < 31.5.0-1 | firefox-31.5.0-1.mga4 |
Mageia | 4 | noarch | firefox-l10n | < 31.5.0-1 | firefox-l10n-31.5.0-1.mga4 |
Mageia | 4 | noarch | thunderbird | < 31.5.0-1 | thunderbird-31.5.0-1.mga4 |
Mageia | 4 | noarch | thunderbird-l10n | < 31.5.0-1 | thunderbird-l10n-31.5.0-1.mga4 |
bugs.mageia.org/show_bug.cgi?id=15356
rhn.redhat.com/errata/RHSA-2015-0265.html
rhn.redhat.com/errata/RHSA-2015-0266.html
www.mozilla.org/en-US/security/advisories/mfsa2015-11/
www.mozilla.org/en-US/security/advisories/mfsa2015-16/
www.mozilla.org/en-US/security/advisories/mfsa2015-19/
www.mozilla.org/en-US/security/advisories/mfsa2015-24/
www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/