firefox-38.6.1-1.0.1.el7.AXS7
エラータID: AXSA:2016-101:02
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
Security issues fixed with this release:
CVE-2016-1521
The directrun function in directmachine.cpp in Libgraphite in Graphite
2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x
before 38.6.1, does not validate a certain skip operation, which
allows remote attackers to execute arbitrary code, obtain sensitive
information, or cause a denial of service (out-of-bounds read and
application crash) via a crafted Graphite smart font.
CVE-2016-1522
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla
Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not
consider recursive load calls during a size check, which allows remote
attackers to cause a denial of service (heap-based buffer overflow) or
possibly execute arbitrary code via a crafted Graphite smart font.
CVE-2016-1523
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in
Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox
ESR 38.x before 38.6.1, mishandles a return value, which allows remote
attackers to cause a denial of service (missing initialization, NULL
pointer dereference, and application crash) via a crafted Graphite
smart font.
Update packages.
The directrun function in directmachine.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not validate a certain skip operation, which allows remote attackers to execute arbitrary code, obtain sensitive information, or cause a denial of service (out-of-bounds read and application crash) via a crafted Graphite smart font.
Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, does not consider recursive load calls during a size check, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via a crafted Graphite smart font.
The SillMap::readFace function in FeatureMap.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.6.1, mishandles a return value, which allows remote attackers to cause a denial of service (missing initialization, NULL pointer dereference, and application crash) via a crafted Graphite smart font.
N/A
SRPMS
- firefox-38.6.1-1.0.1.el7.AXS7.src.rpm
MD5: c6f91f7ea843b491196a37c4637ac83a
SHA-256: bc25e179f30ff9c94a71d6756eda7937b9a19e7f9af8053205d48bbda08b76e8
Size: 305.54 MB
Asianux Server 7 for x86_64
- firefox-38.6.1-1.0.1.el7.AXS7.x86_64.rpm
MD5: 42a342f9e061c2a9d1a2a957c5be758c
SHA-256: 60fe1d0a7d182995651ddcece7f1c649f200f238112edea4c5637e444287935a
Size: 71.56 MB - firefox-38.6.1-1.0.1.el7.AXS7.i686.rpm
MD5: 7bdaa736cacf5adb9c6ba19e9cb40aa9
SHA-256: eeaf7f0d8b5dd2c835b72dcdc6ad45b94299c7ace12b62e969d982c89850e530
Size: 71.78 MB