Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

Scientific Linux 5 Firefox Significant Security Update SLSA-2015-1207-1

Scientific Large Esm H446
Critical: firefox security update
Date: Sat, 4 Jul 2015 01:10:48 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Critical: firefox on SL5.x, SL6.x,
 SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20150704011048.21714.89780@slpackages.fnal.gov>

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2015:1207-1
Issue Date: 2015-07-03
CVE Numbers: CVE-2015-2724
 CVE-2015-2725
 CVE-2015-2727
 CVE-2015-2728
 CVE-2015-2729
 CVE-2015-2731
 CVE-2015-2722
 CVE-2015-2733
 CVE-2015-2734
 CVE-2015-2735
 CVE-2015-2736
 CVE-2015-2737
 CVE-2015-2738
 CVE-2015-2739
 CVE-2015-2740
 CVE-2015-2741
 CVE-2015-2743
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722,
CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733,
CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738,
CVE-2015-2739, CVE-2015-2740)

It was found that Firefox skipped key-pinning checks when handling an
error that could be overridden by the user (for example an expired
certificate error). This flaw allowed a user to override a pinned
certificate, which is an action the user should not be able to perform.
(CVE-2015-2741)

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined
with another vulnerability, it could allow execution of arbitrary code
with the privileges of the user running Firefox. (CVE-2015-2743)

After installing the update, Firefox must be restarted for the
changes to take effect.
--

SL5
 x86_64
 firefox-38.1.0-1.el5_11.i386.rpm
 firefox-38.1.0-1.el5_11.x86_64.rpm
 firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
 firefox-debuginfo-38.1.0-1.el5_11.x86_64.rpm
 i386
 firefox-38.1.0-1.el5_11.i386.rpm
 firefox-debuginfo-38.1.0-1.el5_11.i386.rpm
SL6
 x86_64
 firefox-38.1.0-1.el6_6.x86_64.rpm
 firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm
 firefox-38.1.0-1.el6_6.i686.rpm
 firefox-debuginfo-38.1.0-1.el6_6.i686.rpm
 i386
 firefox-38.1.0-1.el6_6.i686.rpm
 firefox-debuginfo-38.1.0-1.el6_6.i686.rpm
SL7
 x86_64
 firefox-38.1.0-1.el7_1.x86_64.rpm
 firefox-debuginfo-38.1.0-1.el7_1.x86_64.rpm
 firefox-38.1.0-1.el7_1.i686.rpm
 firefox-debuginfo-38.1.0-1.el7_1.i686.rpm

- Scientific Linux Development Team