firefox-38.5.0-2.0.1.AXS4

エラータID: AXSA:2015-961:11

Release date: 
Friday, December 18, 2015 - 19:39
Subject: 
firefox-38.5.0-2.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Security issues fixed with this release:

CVE-2015-7201
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
CVE-2015-7205
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might
allow remote attackers to obtain sensitive information, cause a denial
of service, or possibly have unspecified other impact by triggering a
crafted WebRTC RTP packet.
CVE-2015-7210
Use-after-free vulnerability in Mozilla Firefox before 43.0 and
Firefox ESR 38.x before 38.5 allows remote attackers to execute
arbitrary code by triggering attempted use of a data channel that has
been closed by a WebRTC function.
CVE-2015-7212
Integer overflow in the
mozilla::layers::BufferTextureClient::AllocateForSurface function in
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows
remote attackers to execute arbitrary code by triggering a graphics
operation that requires a large texture allocation.
CVE-2015-7213
Integer overflow in the MPEG4Extractor::readMetaData function in
MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0
and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote
attackers to execute arbitrary code via a crafted MP4 video file that
triggers a buffer overflow.
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow
remote attackers to bypass the Same Origin Policy via data: and
view-source: URIs.
CVE-2015-7222
Integer underflow in the Metadata::setData function in MetaData.cpp in
libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x
before 38.5 allows remote attackers to execute arbitrary code or cause
a denial of service (incorrect memory allocation and application
crash) via an MP4 video file with crafted covr metadata that triggers
a buffer overflow.

Solution: 

Update packages.

CVEs: 
CVE-2015-7201
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2015-7205
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.
CVE-2015-7210
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.
CVE-2015-7212
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
CVE-2015-7213
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
CVE-2015-7214
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
CVE-2015-7222
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-38.5.0-2.0.1.AXS4.src.rpm
    MD5: d7660a6591195c615b9ca81f67008324
    SHA-256: 7ac83cb369bc68576f0a7e46d67de1ecc5ea57c900a4dc357b99d7a2c44a9cfd
    Size: 319.71 MB

Asianux Server 4 for x86
  1. firefox-38.5.0-2.0.1.AXS4.i686.rpm
    MD5: bb0583dc3fff67426043bdc1121e4cb3
    SHA-256: 87d8f7033fb4c83c25ad7a8f4e1e4bb8e28da18f9b41f779fff7b6bda5297367
    Size: 70.35 MB

Asianux Server 4 for x86_64
  1. firefox-38.5.0-2.0.1.AXS4.x86_64.rpm
    MD5: 15ca698bff163f7376f25a57a56b38d3
    SHA-256: e465aa36c2492a3a39dc006e6b64acbc10a216ff0c83cccfb7935e2e25d930e8
    Size: 69.63 MB
  2. firefox-38.5.0-2.0.1.AXS4.i686.rpm
    MD5: bb0583dc3fff67426043bdc1121e4cb3
    SHA-256: 87d8f7033fb4c83c25ad7a8f4e1e4bb8e28da18f9b41f779fff7b6bda5297367
    Size: 70.35 MB