
Arch Linux: ASA-201606-7 Critical Firefox Issues - Execution Risks

The package firefox before version 47.0-1 is vulnerable to arbitrary code execution, same-origin policy bypass, information leakage, cross-site scripting, denial of service, clickjacking, addressbar spoofing and visual user confusion.
Arch Linux Security Advisory ASA-201606-7
========================================
Severity: Critical
Date    : 2016-06-08
CVE-ID  : CVE-2016-2815 CVE-2016-2818 CVE-2016-2819 CVE-2016-2821
          CVE-2016-2822 CVE-2016-2825 CVE-2016-2828 CVE-2016-2829
          CVE-2016-2831 CVE-2016-2832 CVE-2016-2833
Package : firefox
Type    : multiple issues
Remote  : Yes
Link    : 

Summary
======
The package firefox before version 47.0-1 is vulnerable to arbitrary
code execution, same-origin policy bypass, information leakage,
cross-site scripting, denial of service, clickjacking, addressbar
spoofing and visual user confusion.

Resolution
=========
Upgrade to 47.0-1.

# pacman -Syu "firefox>=47.0-1"

The problems have been fixed upstream in version 47.0.

Workaround
=========
None.

Description
==========
- CVE-2016-2815 (arbitrary code execution)

Mozilla developers and community members reported several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.

- CVE-2016-2818 (arbitrary code execution)

Mozilla developers and community members reported several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code.

- CVE-2016-2819 (arbitrary code execution)

Security researcher firehack reported a buffer overflow when parsing
HTML5 fragments in a foreign context such as under an  node. This
results in a potentially exploitable crash when inserting an HTML
fragment into an existing document.

- CVE-2016-2821 (arbitrary code execution)

Security researcher firehack used the Address Sanitizer tool to
discover a use-after-free in contenteditable mode. This occurs when
deleting document object model (DOM) table elements created within the
editor and results in a potentially exploitable crash.

- CVE-2016-2822 (addressbar spoofing)

Security researcher Jordi Chancel reported a method to spoof the
contents of the addressbar. This uses a persistent menu within a
