firefox-45.5.0-1.0.1.el7.AXS7
エラータID: AXSA:2016-946:08
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
Security issues fixed with this release:
CVE-2016-5290
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5291
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5296
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-5297
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9064
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9066
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50.
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
N/A
SRPMS
- firefox-45.5.0-1.0.1.el7.AXS7.src.rpm
MD5: 6c4ac0b36d42176ad18b7e647e2c5916
SHA-256: 7310718add81db8c4c0b9e7b708a668f17bc960ece3f311a81a0d9d8d6481814
Size: 337.50 MB
Asianux Server 7 for x86_64
- firefox-45.5.0-1.0.1.el7.AXS7.x86_64.rpm
MD5: 9419735656a93e170e9bcb3db2130014
SHA-256: aa0d9e849855445f1aee506f9c1886329020b7a507be82d38bf2911007e501b2
Size: 76.38 MB - firefox-45.5.0-1.0.1.el7.AXS7.i686.rpm
MD5: 090c6fcec9988327f1a6c898c712fbc7
SHA-256: 72e971cf8d6e0081bf7683f920d9b59f5c3d8fc1226550c9dbe58fc3d43df5c1
Size: 76.68 MB
日本語