firefox-45.1.0-1.0.1.AXS4

エラータID: AXSA:2016-222:04

Release date: 
Thursday, April 28, 2016 - 20:35
Subject: 
firefox-45.1.0-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.

Security issues fixed with this release:

CVE-2016-2805
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2806
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2807
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2808
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-2814
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-2805
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2806
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2807
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2808
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.
CVE-2016-2814
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-45.1.0-1.0.1.AXS4.src.rpm
    MD5: c26c55d13be94b6094dac3c22fa94ed3
    SHA-256: ec2aa2d7848f2c7b87038cac3f8a54089e2036c4582c2a4c425c18d3a80fe224
    Size: 337.05 MB

Asianux Server 4 for x86
  1. firefox-45.1.0-1.0.1.AXS4.i686.rpm
    MD5: 133be071984b0267014ae62004ba11ae
    SHA-256: 5e6db7cbc1e1b5460c55c6dbb97e29fddafbf2e158edb52aeea5372eac18366c
    Size: 74.91 MB

Asianux Server 4 for x86_64
  1. firefox-45.1.0-1.0.1.AXS4.x86_64.rpm
    MD5: 25178e6475fe3c58d6120696176e7021
    SHA-256: 1e446a1f96f930a19bd9cc2d2feb864a880123d613a40e101ab17ce752367aba
    Size: 74.38 MB
  2. firefox-45.1.0-1.0.1.AXS4.i686.rpm
    MD5: 133be071984b0267014ae62004ba11ae
    SHA-256: 5e6db7cbc1e1b5460c55c6dbb97e29fddafbf2e158edb52aeea5372eac18366c
    Size: 74.91 MB