firefox-45.1.0-1.0.1.el7.AXS7

エラータID: AXSA:2016-221:04

Release date: 
Thursday, April 28, 2016 - 18:47
Subject: 
firefox-45.1.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Security issues fixed with this release:

CVE-2016-2805
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2806
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2807
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2808
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2814
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-2805
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2806
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2807
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2808
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.
CVE-2016-2814
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-45.1.0-1.0.1.el7.AXS7.src.rpm
    MD5: 5750d2535488a465b582f23f6c777daa
    SHA-256: f0ab99cdde64ed429d290b528386e4cd5c3c62fa1f13e8c757ad833c94eaa07e
    Size: 337.05 MB

Asianux Server 7 for x86_64
  1. firefox-45.1.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: e2ec1936ee236d26c0027fc4d4fc305f
    SHA-256: 5a8d593fcabfb50083f33ce637fadbb7ab8c05beb97ad547f2ddcfc55b6cf633
    Size: 76.44 MB
  2. firefox-45.1.0-1.0.1.el7.AXS7.i686.rpm
    MD5: ae2d1b1c195caa9b3f205a519d712f39
    SHA-256: 8189b94466ef126a19f1e87c1e8041ed7ca43492e20b4dc6c9f731e6906df7a9
    Size: 76.73 MB