firefox-24.7.0-1.0.1.AXS4

エラータID: AXSA:2014-469:03

Release date: 
Monday, July 28, 2014 - 16:11
Subject: 
firefox-24.7.0-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Security issues fixed with this release:

CVE-2014-1547
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1555
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.

CVE-2014-1556
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.

CVE-2014-1557
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.

Solution: 

update package.

CVEs: 
CVE-2014-1547
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1555
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.
CVE-2014-1556
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
CVE-2014-1557
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.


Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-24.7.0-1.0.1.AXS4.src.rpm
    MD5: 0dec965cfbf52b78ed48df795acbf5f2
    SHA-256: cdccba1bc708fe970c59dbdbebc499278ca66536cc86d08f3c37a7c8307ae78e
    Size: 138.33 MB

Asianux Server 4 for x86
  1. firefox-24.7.0-1.0.1.AXS4.i686.rpm
    MD5: 3bbb11e63f30d65b3ac4c0ec55fd2851
    SHA-256: 0020ffd2a4f62a47e7bc2b0b24eee372b28a575f7fdcec9a230837a8f739a2d9
    Size: 47.34 MB

Asianux Server 4 for x86_64
  1. firefox-24.7.0-1.0.1.AXS4.x86_64.rpm
    MD5: aff334098babf0f784e357f7a9763ef8
    SHA-256: e4bc1b932eeada926f569b8706f86e8f19bebe3cd5097f6408f58fa37958cb64
    Size: 46.89 MB
  2. firefox-24.7.0-1.0.1.AXS4.i686.rpm
    MD5: 3bbb11e63f30d65b3ac4c0ec55fd2851
    SHA-256: 0020ffd2a4f62a47e7bc2b0b24eee372b28a575f7fdcec9a230837a8f739a2d9
    Size: 47.34 MB