firefox-38.3.0-2.0.1.el7.AXS7

エラータID: AXSA:2015-505:02

Release date: 
Friday, October 2, 2015 - 11:48
Subject: 
firefox-38.3.0-2.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Security issues fixed with this release:

CVE-2015-4500
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-4509
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-4510
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2015-4500
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-4509
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.
CVE-2015-4510
Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-38.3.0-2.0.1.el7.AXS7.src.rpm
    MD5: 06d9d0098ff12d481ac4570760729562
    SHA-256: 2c6c01eaf364aa76dfc5e9a1bc83d2bd605fbd459ec00a4572d3c14e0234ce82
    Size: 206.33 MB

Asianux Server 7 for x86_64
  1. firefox-38.3.0-2.0.1.el7.AXS7.x86_64.rpm
    MD5: 9eb8766d0f0dbb11c8ae395f6f0fb0b5
    SHA-256: ee45d3f6eb33219edd4892febdeddd32f659605b9663311f4fc9dcd4465accf1
    Size: 71.56 MB
  2. firefox-38.3.0-2.0.1.el7.AXS7.i686.rpm
    MD5: 30451c4e608e7beb6aabb8eea5b99c31
    SHA-256: 1d28003e09c1f78c9ac9ac8cb61eebbd4b30e9027207293849e381d8ca98f679
    Size: 71.75 MB