Synopsis: Critical: firefox security update
Advisory ID: SLSA-2014:0310-1
Issue Date: 2014-03-18
CVE Numbers: CVE-2014-1493
CVE-2014-1497
CVE-2014-1508
CVE-2014-1509
CVE-2014-1505
CVE-2014-1510
CVE-2014-1511
CVE-2014-1512
CVE-2014-1513
CVE-2014-1514
—
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2014-1493, CVE-2014-1510, CVE-2014-1511,
CVE-2014-1512, CVE-2014-1513, CVE-2014-1514)
Several information disclosure flaws were found in the way Firefox
processed malformed web content. An attacker could use these flaws to gain
access to sensitive information such as cross-domain content or protected
memory addresses or, potentially, cause Firefox to crash. (CVE-2014-1497,
CVE-2014-1508, CVE-2014-1505)
A memory corruption flaw was found in the way Firefox rendered certain PDF
files. An attacker able to trick a user into installing a malicious
extension could use this flaw to crash Firefox or, potentially, execute
arbitrary code with the privileges of the user running Firefox.
(CVE-2014-1509)
After installing the update, Firefox must be restarted for the changes
to take effect.
—
SL5
x86_64
firefox-24.4.0-1.el5_10.i386.rpm
firefox-24.4.0-1.el5_10.x86_64.rpm
firefox-debuginfo-24.4.0-1.el5_10.i386.rpm
firefox-debuginfo-24.4.0-1.el5_10.x86_64.rpm
i386
firefox-24.4.0-1.el5_10.i386.rpm
firefox-debuginfo-24.4.0-1.el5_10.i386.rpm
SL6
x86_64
firefox-24.4.0-1.el6_5.i686.rpm
firefox-24.4.0-1.el6_5.x86_64.rpm
firefox-debuginfo-24.4.0-1.el6_5.i686.rpm
firefox-debuginfo-24.4.0-1.el6_5.x86_64.rpm
i386
firefox-24.4.0-1.el6_5.i686.rpm
firefox-debuginfo-24.4.0-1.el6_5.i686.rpm
– Scientific Linux Development Team
