Synopsis: Critical: firefox security update
Advisory ID: SLSA-2016:0373-1
Issue Date: 2016-03-09
CVE Numbers: CVE-2016-1952
CVE-2016-1954
CVE-2016-1957
CVE-2016-1958
CVE-2016-1960
CVE-2016-1961
CVE-2016-1962
CVE-2016-1964
CVE-2016-1965
CVE-2016-1966
CVE-2016-1973
CVE-2016-1974
—
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox. (CVE-2016-1952, CVE-2016-1954, CVE-2016-1957,
CVE-2016-1958, CVE-2016-1960, CVE-2016-1961, CVE-2016-1962, CVE-2016-1973,
CVE-2016-1974, CVE-2016-1964, CVE-2016-1965, CVE-2016-1966)
Multiple security flaws were found in the graphite2 font library shipped
with Firefox. A web page containing malicious content could cause Firefox
to crash or, potentially, execute arbitrary code with the privileges of
the user running Firefox. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791,
CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796,
CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801,
CVE-2016-2802)
After installing the update, Firefox must be restarted for the changes
to take effect.
—
SL5
x86_64
firefox-38.7.0-1.el5_11.i386.rpm
firefox-38.7.0-1.el5_11.x86_64.rpm
firefox-debuginfo-38.7.0-1.el5_11.i386.rpm
firefox-debuginfo-38.7.0-1.el5_11.x86_64.rpm
i386
firefox-38.7.0-1.el5_11.i386.rpm
firefox-debuginfo-38.7.0-1.el5_11.i386.rpm
SL6
x86_64
firefox-38.7.0-1.el6_7.x86_64.rpm
firefox-debuginfo-38.7.0-1.el6_7.x86_64.rpm
firefox-38.7.0-1.el6_7.i686.rpm
firefox-debuginfo-38.7.0-1.el6_7.i686.rpm
i386
firefox-38.7.0-1.el6_7.i686.rpm
firefox-debuginfo-38.7.0-1.el6_7.i686.rpm
SL7
x86_64
firefox-38.7.0-1.el7_2.x86_64.rpm
firefox-debuginfo-38.7.0-1.el7_2.x86_64.rpm
firefox-38.7.0-1.el7_2.i686.rpm
firefox-debuginfo-38.7.0-1.el7_2.i686.rpm
– Scientific Linux Development Team
