firefox-24.7.0-1.0.1.AXS3
Errata ID: AXSA:2014-477:04
Release date:
2014/08/04 Monday - 18:37
Title:
firefox-24.7.0-1.0.1.AXS3
Affected channels:
Asianux Server 3 for x86_64
Asianux Server 3 for x86
Severity:
High
Description:
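The following issues have been addressed.
[Security Fix]
- The browser engine in Mozilla Firefox contains multiple unspecified vulnerabilities that could allow a remote attacker to cause a denial of service (memory corruption and application crash) or execute arbitrary code. (CVE-2014-1547)
- A use-after-free vulnerability exists in the nsDocLoader::OnProgress function in Mozilla Firefox, allowing a remote attacker to execute arbitrary code by triggering a FireOnStateChange event. (CVE-2014-1555)
- Mozilla Firefox contains a vulnerability that allows a remote attacker to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library. (CVE-2014-1556)
- The ConvolveHorizontally function in Skia, as used in Mozilla Firefox, does not properly handle the discarding of image data during function execution, allowing a remote attacker to execute arbitrary code by triggering prolonged image scaling. (CVE-2014-1557)
The translated text for some CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.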
CVE:
CVE-2014-1547
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2014-1555
Use-after-free vulnerability in the nsDocLoader::OnProgress function in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allows remote attackers to execute arbitrary code via vectors that trigger a FireOnStateChange event.
CVE-2014-1556
Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to execute arbitrary code via crafted WebGL content constructed with the Cesium JavaScript library.
CVE-2014-1557
The ConvolveHorizontally function in Skia, as used in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, does not properly handle the discarding of image data during function execution, which allows remote attackers to execute arbitrary code by triggering prolonged image scaling, as demonstrated by scaling of a high-quality image.
Additional information:
N/A
Download:
SRPMS
- firefox-24.7.0-1.0.1.AXS3.src.rpm
MD5: 6f6842ee7709eebb520dcae73e9e5ccd
SHA-256: 5d01aa26a1588bbeaaaf7caa625f8735bce16f785feb66ad728af1c141f55497
Size: 138.79 MB
Asianux Server 3 for x86
- firefox-24.7.0-1.0.1.AXS3.i386.rpm
MD5: 136104adf68e5bd3e84f97e3f87c449f
SHA-256: b5044b808abb56b87545137b5c41a94fbffbb421855c49ba8f663f85dd6b4717
Size: 49.68 MB
Asianux Server 3 for x86_64
- firefox-24.7.0-1.0.1.AXS3.x86_64.rpm
MD5: bde8f504f77a3a3b6273abbb5ce694a1
SHA-256: f580126c9b35e8e233fb2d468681b599f67a40724c25ee851219561bda9f0736
Size: 50.80 MB