OVAL Definition: oval:org.mitre.oval:def:24349
Revision Date: 2014-07-21
Version: 12
Title: ELSA-2014:0448: firefox security update (Critical)
Description:

Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)

A use-after-free flaw was found in the way Firefox resolved hosts in certain circumstances. An attacker could use this flaw to crash Firefox or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1532)

An out-of-bounds read flaw was found in the way Firefox decoded JPEG images. Loading a web page containing a specially crafted JPEG image could cause Firefox to crash. (CVE-2014-1523)

A flaw was found in the way Firefox handled browser navigations through history. An attacker could possibly use this flaw to cause the address bar of the browser to display a web page name while loading content from an entirely different web page, which could allow for cross-site scripting (XSS) attacks. (CVE-2014-1530)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler, Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse Schwartzentruber as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla advisories in the References section of this erratum.

All Firefox users should upgrade to this updated package, which contains Firefox version 24.5.0 ESR, which corrects these issues. After installing the update, Firefox must be restarted for the changes to take effect.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s):
  • CVE-2014-1518
  • CVE-2014-1523
  • CVE-2014-1524
  • CVE-2014-1529
  • CVE-2014-1530
  • CVE-2014-1531
  • CVE-2014-1532
  • ELSA-2014:0448-00
Platform(s):
  • Oracle Linux 5
  • Oracle Linux 6
Product(s): firefox
Definition Synopsis (criteria tree; the definition is true, i.e. the host is affected, when either branch matches):
  • OR
    • AND (rpm test)
      • Oracle Linux 5.x
      • firefox is earlier than 0:24.5.0-1.el5_10
    • AND (rpm test)
      • Oracle Linux 6.x
      • firefox is earlier than 0:24.5.0-1.el6_5