MGASA-2015-0477
Vulnerability Summary
Timeline
Description
Updated firefox packages fix security vulnerabilities Updated firefox packages fix security vulnerabilities: Multiple memory safety issues in Firefox were discovered. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7201). Ronald Crane discovered a buffer overflow through code inspection. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7205). Looben Yang discovered a use-after-free in WebRTC when closing channels in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7210). Abhishek Arya discovered an integer overflow when allocating large textures. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7212). Ronald Crane dicovered an integer overflow when processing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7213). Tsubasa Iinuma discovered a way to bypass same-origin restrictions using data: and view-source: URLs. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information and read local files (CVE-2015-7214). Gerald Squelart discovered an integer underflow in the libstagefright library when parsing MP4 format video in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-7222).
Affected Systems
- mageia•firefox
< 38.5.0-1.mga5
- mageia•firefox-l10n
< 38.5.0-1.mga5
- mageia•nspr
< 4.11-1.mga5
- mageia•nss
< 3.21.0-1.mga5
References (11)
- https://advisories.mageia.org/MGASA-2015-0477.html
- https://bugs.mageia.org/show_bug.cgi?id=17337
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/
- https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- http://www.ubuntu.com/usn/usn-2833-1/