Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Critical: firefox security and bug fix update

Related Vulnerabilities: CVE-2014-8634   CVE-2014-8638   CVE-2014-8639   CVE-2014-8641   CVE-2014-8639   CVE-2014-8638   CVE-2014-8634   CVE-2014-8641  

Source

Synopsis

Critical: firefox security and bug fix update

Type/Severity

Security Advisory: Critical

Topic

Updated firefox packages that fix multiple security issues and one bug are
now available for Red Hat Enterprise Linux 5, 6, and 7.

Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.

Description

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-8634, CVE-2014-8639, CVE-2014-8641)

It was found that the Beacon interface implementation in Firefox did not
follow the Cross-Origin Resource Sharing (CORS) specification. A web page
containing malicious content could allow a remote attacker to conduct a
Cross-Site Request Forgery (XSRF) attack. (CVE-2014-8638)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Patrick McManus, Muneaki Nishimura,
Xiaofeng Zheng, and Mitchell Harper as the original reporters of these
issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 31.4.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

This update also fixes the following bug:

  • The default dictionary for Firefox's spell checker is now correctly set
    to the system's locale language. (BZ#643954, BZ#1150572)

All Firefox users should upgrade to these updated packages, which contain
Firefox version 31.4.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at
https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux Server 7 x86_64
  • Red Hat Enterprise Linux Server 6 x86_64
  • Red Hat Enterprise Linux Server 6 i386
  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Server 5 ia64
  • Red Hat Enterprise Linux Server 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 6.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support 6.6 i386
  • Red Hat Enterprise Linux Server - AUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.3 x86_64
  • Red Hat Enterprise Linux Server - AUS 6.6 x86_64
  • Red Hat Enterprise Linux Workstation 7 x86_64
  • Red Hat Enterprise Linux Workstation 6 x86_64
  • Red Hat Enterprise Linux Workstation 6 i386
  • Red Hat Enterprise Linux Workstation 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 i386
  • Red Hat Enterprise Linux Desktop 7 x86_64
  • Red Hat Enterprise Linux Desktop 6 x86_64
  • Red Hat Enterprise Linux Desktop 6 i386
  • Red Hat Enterprise Linux Desktop 5 x86_64
  • Red Hat Enterprise Linux Desktop 5 i386
  • Red Hat Enterprise Linux for IBM z Systems 7 s390x
  • Red Hat Enterprise Linux for IBM z Systems 6 s390x
  • Red Hat Enterprise Linux for IBM z Systems 5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 6.6 s390x
  • Red Hat Enterprise Linux for Power, big endian 7 ppc64
  • Red Hat Enterprise Linux for Power, big endian 6 ppc64
  • Red Hat Enterprise Linux for Power, big endian 5 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 6.6 ppc64
  • Red Hat Enterprise Linux for Scientific Computing 7 x86_64
  • Red Hat Enterprise Linux for Scientific Computing 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 7 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 x86_64
  • Red Hat Enterprise Linux Server from RHUI 6 i386
  • Red Hat Enterprise Linux Server from RHUI 5 x86_64
  • Red Hat Enterprise Linux Server from RHUI 5 i386
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.6 x86_64
  • Red Hat Enterprise Linux Server - Extended Update Support from RHUI 6.6 i386
  • Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
  • Red Hat Enterprise Linux EUS Compute Node 6.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 7.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
  • Red Hat Enterprise Linux Server - TUS 7.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.3 x86_64
  • Red Hat Enterprise Linux Server - TUS 6.6 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64
  • Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64

Fixes

  • BZ - 643954 - default spellchecker dictionary is not correct for firefox
  • BZ - 1150572 - default spellchecker dictionary is not correct for firefox
  • BZ - 1180962 - CVE-2014-8634 Mozilla: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)
  • BZ - 1180966 - CVE-2014-8638 Mozilla: sendBeacon requests lack an Origin header (MFSA 2015-03)
  • BZ - 1180967 - CVE-2014-8639 Mozilla: Cookie injection through Proxy Authenticate responses (MFSA 2015-04)
  • BZ - 1180973 - CVE-2014-8641 Mozilla: Read-after-free in WebRTC (MFSA 2015-06)

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started