Synopsis: Critical: firefox security update
Advisory ID: SLSA-2014:0448-1
Issue Date: 2014-04-29
CVE Numbers: CVE-2014-1518
CVE-2014-1523
CVE-2014-1524
CVE-2014-1529
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532
—
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529,
CVE-2014-1531)
A use-after-free flaw was found in the way Firefox resolved hosts in
certain circumstances. An attacker could use this flaw to crash Firefox
or, potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2014-1532)
An out-of-bounds read flaw was found in the way Firefox decoded JPEG
images. Loading a web page containing a specially crafted JPEG image could
cause Firefox to crash. (CVE-2014-1523)
A flaw was found in the way Firefox handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)
After installing the update, Firefox must be restarted for the changes to
take effect.
—
SL5
x86_64
firefox-24.5.0-1.el5_10.i386.rpm
firefox-24.5.0-1.el5_10.x86_64.rpm
firefox-debuginfo-24.5.0-1.el5_10.i386.rpm
firefox-debuginfo-24.5.0-1.el5_10.x86_64.rpm
i386
firefox-24.5.0-1.el5_10.i386.rpm
firefox-debuginfo-24.5.0-1.el5_10.i386.rpm
SL6
x86_64
firefox-24.5.0-1.el6_5.i686.rpm
firefox-24.5.0-1.el6_5.x86_64.rpm
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
firefox-debuginfo-24.5.0-1.el6_5.x86_64.rpm
i386
firefox-24.5.0-1.el6_5.i686.rpm
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
– Scientific Linux Development Team
