MGASA-2015-0115

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0115.html

Import Source

https://advisories.mageia.org/MGASA-2015-0115.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0115

Upstream

CVE-2015-0817

CVE-2015-0818

Published

2015-03-23T23:58:37Z

Modified

2026-04-16T06:25:54.505073473Z

Summary

Updated firefox packages fix security vulnerabilities

Details

A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-0817).

Mariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context (CVE-2015-0818).

The firefox package has been updated to version 31.5.3 to fix these issues.

Also, the nss package has been updated to version 3.18, which enables TLS and DTLS 1.2, increases the default RSA key size created by certutil to 2048 bits, and has some CA root certificate updates.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / rootcerts

Package

Name: rootcerts
Purl: pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20150226.00-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0115.json"

Mageia:4 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0115.json"

Mageia:4 / firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

31.5.3-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0115.json"

Mageia:4 / firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

31.5.3-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0115.json"