MGASA-2015-0131

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0131.html

Import Source

https://advisories.mageia.org/MGASA-2015-0131.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0131

Upstream

CVE-2015-0801

CVE-2015-0807

CVE-2015-0813

CVE-2015-0815

CVE-2015-0816

Published

2015-04-03T13:11:23Z

Modified

2026-04-16T06:24:28.633051388Z

Summary

Updated firefox & thunderbird packages fix security vulnerabilities

Details

Updated firefox and thunderbird packages fix security vulnerabilities:

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox or Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running it (CVE-2015-0801, CVE-2015-0813, CVE-2015-0815).

A flaw was found in the Beacon interface implementation in Firefox and Thunderbird. A web page containing malicious content could allow a remote attacker to conduct a Cross-Site Request Forgery (CSRF) attack (CVE-2015-0807).

A flaw was found in the way documents were loaded via resource URLs in, for example, Firefox's PDF.js PDF file viewer. An attacker could use this flaw to bypass certain restrictions and under certain conditions even execute arbitrary code with the privileges of the user running Firefox or Thunderbird (CVE-2015-0816)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4

rootcerts

Package

Name: rootcerts
Purl: pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20150326.00-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0131.json"

nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.18.0-1.1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0131.json"

firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

31.6.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0131.json"

firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

31.6.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0131.json"

thunderbird

Package

Name: thunderbird
Purl: pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

31.6.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0131.json"

thunderbird-l10n

Package

Name: thunderbird-l10n
Purl: pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

31.6.0-1.mga4

Ecosystem specific

{
    "section": "core"
}

Database specific

source

"https://advisories.mageia.org/MGASA-2015-0131.json"