firefox-24.7.0-1.0.1.AXS4
Errata ID: AXSA:2014-469:03
Release date:
2014/07/28 Monday - 16:11
Title:
firefox-24.7.0-1.0.1.AXS4
Affected channels:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
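The following issues have been addressed.
[Security Fix]
- The browser engine in Mozilla Firefox contains multiple unspecified vulnerabilities that allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code. (CVE-2014-1547)
- A use-after-free vulnerability exists in the nsDocLoader::OnProgress function in Mozilla Firefox, allowing remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event. (CVE-2014-1555)
- Mozilla Firefox contains a vulnerability that allows remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. (CVE-2014-1556)
- The ConvolveHorizontally function in Skia, as used in Mozilla Firefox, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling. (CVE-2014-1557)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the package.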
CVE:
CVE-2014-1547
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1555
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.
CVE-2014-1556
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
CVE-2014-1557
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
Additional information:
N/A
Download:
SRPMS
- firefox-24.7.0-1.0.1.AXS4.src.rpm
MD5: 0dec965cfbf52b78ed48df795acbf5f2
SHA-256: cdccba1bc708fe970c59dbdbebc499278ca66536cc86d08f3c37a7c8307ae78e
Size: 138.33 MB
Asianux Server 4 for x86
- firefox-24.7.0-1.0.1.AXS4.i686.rpm
MD5: 3bbb11e63f30d65b3ac4c0ec55fd2851
SHA-256: 0020ffd2a4f62a47e7bc2b0b24eee372b28a575f7fdcec9a230837a8f739a2d9
Size: 47.34 MB
Asianux Server 4 for x86_64
- firefox-24.7.0-1.0.1.AXS4.x86_64.rpm
MD5: aff334098babf0f784e357f7a9763ef8
SHA-256: e4bc1b932eeada926f569b8706f86e8f19bebe3cd5097f6408f58fa37958cb64
Size: 46.89 MB
- firefox-24.7.0-1.0.1.AXS4.i686.rpm
MD5: 3bbb11e63f30d65b3ac4c0ec55fd2851
SHA-256: 0020ffd2a4f62a47e7bc2b0b24eee372b28a575f7fdcec9a230837a8f739a2d9
Size: 47.34 MB