firefox-31.6.0-2.0.1.AXS4
Errata ID: AXSA:2015-102:03
Release date:
Tuesday, April 14, 2015 - 11:22
Subject:
firefox-31.6.0-2.0.1.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
Security issues fixed with this release:
CVE-2015-0801
CVE-2015-0807
CVE-2015-0813
CVE-2015-0815
CVE-2015-0816
All issues are:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Solution:
Update package.
CVEs:
CVE-2015-0801
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.
CVE-2015-0807
The navigator.sendBeacon implementation in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 processes HTTP 30x status codes for redirects after a preflight request has occurred, which allows remote attackers to bypass intended CORS access-control checks and conduct cross-site request forgery (CSRF) attacks via a crafted web site, a similar issue to CVE-2014-8638.
CVE-2015-0813
Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStreamer is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted MP3 file.
CVE-2015-0815
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-0816
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
Additional Info:
N/A
Download:
SRPMS
- firefox-31.6.0-2.0.1.AXS4.src.rpm
MD5: 1818029d665128324610bf5c1b1fba2e
SHA-256: 98df016c0c8ac6b506ba5d58822ab66a5f0f722e469f2c417f7e179b863c8d19
Size: 184.01 MB
Asianux Server 4 for x86
- firefox-31.6.0-2.0.1.AXS4.i686.rpm
MD5: 65c7d259ebab35b199d3d0cb5b432c72
SHA-256: 0ecb72b8a57aebcade2af0ca94c07d19ffb02da9226705a8a21189698a18eb3d
Size: 60.75 MB
Asianux Server 4 for x86_64
- firefox-31.6.0-2.0.1.AXS4.x86_64.rpm
MD5: b7a1b664449a7edca6efdc3ed49c6562
SHA-256: 817dea509b463ccaed910534edb9821e4eaab0cb31601190536ed2b12fe8a2be
Size: 60.18 MB
- firefox-31.6.0-2.0.1.AXS4.i686.rpm
MD5: 65c7d259ebab35b199d3d0cb5b432c72
SHA-256: 0ecb72b8a57aebcade2af0ca94c07d19ffb02da9226705a8a21189698a18eb3d
Size: 60.75 MB