MGASA-2015-0025

Source
https://advisories.mageia.org/MGASA-2015-0025.html
Import Source
https://advisories.mageia.org/MGASA-2015-0025.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2015-0025
Upstream
  • CVE-2014-8634
  • CVE-2014-8638
  • CVE-2014-8639
  • CVE-2014-8641
Published
2015-01-17T22:31:08Z
Modified
2026-04-16T06:23:54.087145426Z
Summary
Updated firefox and thunderbird packages fix security vulnerabilities
Details

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2014-8634).

It was found that the Beacon interface implementation in Firefox and Thunderbird did not follow the Cross-Origin Resource Sharing (CORS) specification. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (XSRF) attack (CVE-2014-8638).

It was found that a Web Proxy returning a 407 Proxy Authentication response with a Set-Cookie header could inject cookies into the originally requested domain. This could be used for session-fixation attacks. This attack only allows cookies to be written but does not allow them to be read (CVE-2014-8639).

Security researcher Mitchell Harper discovered a read-after-free in WebRTC due to the way tracks are handled. This results in either a potentially exploitable crash or incorrect WebRTC behavior. Note that this issue only affects Firefox (CVE-2014-8641).


Affected packages

Mageia:4 / firefox

Package

Name
firefox
Purl
pkg:rpm/mageia/firefox?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
31.4.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0025.json"

Mageia:4 / firefox-l10n

Package

Name
firefox-l10n
Purl
pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
31.4.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0025.json"

Mageia:4 / thunderbird

Package

Name
thunderbird
Purl
pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
31.4.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0025.json"

Mageia:4 / thunderbird-l10n

Package

Name
thunderbird-l10n
Purl
pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
31.4.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2015-0025.json"