Explore top 10 tips to secure your open-source projects now. Read More
×Critical: firefox security update. Date: Sat, 4 Jul 2015 01:10:48 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific Linux From: Pat Riehecky Subject: Security ERRATA Critical: firefox on SL5.x, SL6.x, SL7.x i386/x86_64 MIME-Version: 1.0 Message-ID: Synopsis: Critical: firefox security update Advisory ID: SLSA-2015:1207-1 Issue Date: 2015-07-03 CVE Numbers: CVE-2015-2724 CVE-2015-2725 CVE-2015-2727 CVE-2015-2728 CVE-2015-2729 CVE-2015-2731 CVE-2015-2722 CVE-2015-2733 CVE-2015-2734 CVE-2015-2735 CVE-2015-2736 CVE-2015-2737 CVE-2015-2738 CVE-2015-2739 CVE-2015-2740 CVE-2015-2741 CVE-2015-2743 -- Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727, CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734, CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739, CVE-2015-2740) It was found that Firefox skipped key-pinning checks when handling an error that could be overridden by the user (for example an expired certificate error). This flaw allowed a user to override a pinned certificate, which is an action the user should not be able to perform. (CVE-2015-2741) A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined with another vulnerability, it could allow execution of arbitrary code with the privileges of the user running Firefox. (CVE-2015-2743) After installing the update, Firefox must be restarted for the changes to take effect. -- SL5 x86_64 firefox-38.1.0-1.el5_11.i386.rpm firefox-38.1.0-1.el5_11.x86_64.rpm firefox-debuginfo-38.1.0-1.el5_11.i386.rpm firefox-debuginfo-38.1.0-1.el5_11.x86_64.rpm i386 firefox-38.1.0-1.el5_11.i386.rpm firefox-debuginfo-38.1.0-1.el5_11.i386.rpm SL6 x86_64 firefox-38.1.0-1.el6_6.x86_64.rpm firefox-debuginfo-38.1.0-1.el6_6.x86_64.rpm firefox-38.1.0-1.el6_6.i686.rpm firefox-debuginfo-38.1.0-1.el6_6.i686.rpm i386 firefox-38.1.0-1.el6_6.i686.rpm firefox-debuginfo-38.1.0-1.el6_6.i686.rpm SL7 x86_64 firefox-38.1.0-1.el7_1.x86_64.rpm firefox-debuginfo-38.1.0-1.el7_1.x86_64.rpm firefox-38.1.0-1.el7_1.i686.rpm firefox-debuginfo-38.1.0-1.el7_1.i686.rpm - Scientific Linux Development Team . Addressing critical flaws in Firefox, this advisory provides a security update for Scientific Linux users to prevent exploitation.. Critical Updates, Firefox Security Fix, Scientific Linux Patch. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.