Scientific Linux: Firefox Critical Update SLSA-2015:1586-1 CVE-2015-4473 DoS

Date: Tue, 11 Aug 2015 23:39:20 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Critical: firefox on SL5.x, SL6.x,
 SL7.x i386/x86_64
MIME-Version: 1.0
Message-ID: <20150811233920.6984.96379@slpackages.fnal.gov>

Synopsis: Critical: firefox security update
Advisory ID: SLSA-2015:1586-1
Issue Date: 2015-08-11
CVE Numbers: CVE-2015-4473
 CVE-2015-4475
 CVE-2015-4478
 CVE-2015-4479
 CVE-2015-4480
 CVE-2015-4493
 CVE-2015-4484
 CVE-2015-4491
 CVE-2015-4485
 CVE-2015-4486
 CVE-2015-4487
 CVE-2015-4488
 CVE-2015-4489
 CVE-2015-4492
--

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2015-4473, CVE-2015-4475, CVE-2015-4478,
CVE-2015-4479, CVE-2015-4480, CVE-2015-4493, CVE-2015-4484, CVE-2015-4491,
CVE-2015-4485, CVE-2015-4486, CVE-2015-4487, CVE-2015-4488, CVE-2015-4489,
CVE-2015-4492)

After installing the update, Firefox must be restarted for the changes to
take effect.
--

SL5
 x86_64
 firefox-38.2.0-4.el5_11.i386.rpm
 firefox-38.2.0-4.el5_11.x86_64.rpm
 firefox-debuginfo-38.2.0-4.el5_11.i386.rpm
 firefox-debuginfo-38.2.0-4.el5_11.x86_64.rpm
 i386
 firefox-38.2.0-4.el5_11.i386.rpm
 firefox-debuginfo-38.2.0-4.el5_11.i386.rpm
SL6
 x86_64
 firefox-38.2.0-4.el6_7.x86_64.rpm
 firefox-debuginfo-38.2.0-4.el6_7.x86_64.rpm
 firefox-38.2.0-4.el6_7.i686.rpm
 firefox-debuginfo-38.2.0-4.el6_7.i686.rpm
 i386
 firefox-38.2.0-4.el6_7.i686.rpm
 firefox-debuginfo-38.2.0-4.el6_7.i686.rpm
SL7
 x86_64
 firefox-38.2.0-4.el7_1.x86_64.rpm
 firefox-debuginfo-38.2.0-4.el7_1.x86_64.rpm
 firefox-38.2.0-4.el7_1.i686.rpm
 firefox-debuginfo-38.2.0-4.el7_1.i686.rpm

- Scientific Linux Development Team