firefox-38.0-4.0.1.AXS4
エラータID: AXSA:2015-141:04
Release date:
Tuesday, May 19, 2015 - 12:44
Subject:
firefox-38.0-4.0.1.AXS4
Affected Channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
Security issues fixed with this release:
CVE-2015-0797
CVE-2015-2708
CVE-2015-2710
CVE-2015-2713
CVE-2015-2716
This version of Firefox loads the Firefox homepage instead of the Asianux homepage.
We will fix this problem in next version.
Solution:
Update package.
CVEs:
CVE-2015-0797
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.
CVE-2015-2708
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-2710
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.
CVE-2015-2713
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
CVE-2015-2716
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.
Additional Info:
N/A
Download:
SRPMS
- firefox-38.0-4.0.1.AXS4.src.rpm
MD5: f69f83f740940a5143c30707da0d8386
SHA-256: d837e908c78a4f4dbf27cfc5e367d191131283a9ab95f5bd5da7c9105c49aa01
Size: 319.01 MB
Asianux Server 4 for x86
- firefox-38.0-4.0.1.AXS4.i686.rpm
MD5: e576815dfe62645f477ec71ae9f32ec4
SHA-256: e6e63a1656acf1f050438347cfa52b87e642f31031b1d800b1756b0f1e1f4383
Size: 70.31 MB
Asianux Server 4 for x86_64
- firefox-38.0-4.0.1.AXS4.x86_64.rpm
MD5: 7070512068dc2f1060b28e6165079b1e
SHA-256: 5ddb29c18108ac422dc95435bf555e8335c6e8c0b5689b86f80e8e4dcabd8685
Size: 69.60 MB - firefox-38.0-4.0.1.AXS4.i686.rpm
MD5: e576815dfe62645f477ec71ae9f32ec4
SHA-256: e6e63a1656acf1f050438347cfa52b87e642f31031b1d800b1756b0f1e1f4383
Size: 70.31 MB
日本語