firefox-38.2.1-1.0.1.AXS4

エラータID: AXSA:2015-468:08

Release date: 
Thursday, September 17, 2015 - 12:05
Subject: 
firefox-38.2.1-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Description:

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

With this release, following issues have been fixed:

CVE-2015-4497
CVE-2015-4498

Solution: 

Update package.

CVEs: 
CVE-2015-4497
Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element.
CVE-2015-4498
The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a crafted data: URL and triggering navigation to an arbitrary http: or https: URL at a certain early point in the installation process.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-38.2.1-1.0.1.AXS4.src.rpm
    MD5: 6c12612095ae1f9f3bfbcb88ea682051
    SHA-256: e085fddf472db306a7a34769e102d384aa3bf8741c4411df6479ad7968f98620
    Size: 319.08 MB

Asianux Server 4 for x86
  1. firefox-38.2.1-1.0.1.AXS4.i686.rpm
    MD5: 75786b5323bddbcb7de0282c5a82139f
    SHA-256: ad99a0a7c60eb1a4d1cd2b2f6d232996981023cde2f9e51838d169e33506ee9d
    Size: 70.33 MB

Asianux Server 4 for x86_64
  1. firefox-38.2.1-1.0.1.AXS4.x86_64.rpm
    MD5: a57f6474e856ca8cc6061b7481053ed7
    SHA-256: 8b1904bef4dddbe79c186bcae89b52c9e80b380d245c4cc492550df0e24d9f37
    Size: 69.62 MB
  2. firefox-38.2.1-1.0.1.AXS4.i686.rpm
    MD5: 75786b5323bddbcb7de0282c5a82139f
    SHA-256: ad99a0a7c60eb1a4d1cd2b2f6d232996981023cde2f9e51838d169e33506ee9d
    Size: 70.33 MB