MGASA-2015-0427

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0427.html

Import Source

https://advisories.mageia.org/MGASA-2015-0427.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0427

Related

CVE-2015-4513
CVE-2015-7181
CVE-2015-7182
CVE-2015-7183
CVE-2015-7188
CVE-2015-7189
CVE-2015-7193
CVE-2015-7194
CVE-2015-7196
CVE-2015-7197
CVE-2015-7198

Published

2015-11-04T18:03:05Z

Modified

2015-11-04T17:56:00Z

Summary

Updated firefox, nspr, nss packages fix security vulnerability

Details

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196, CVE-2015-7198, CVE-2015-7197)

A same-origin policy bypass flaw was found in the way Firefox handled certain cross-origin resource sharing (CORS) requests. A web page containing malicious content could cause Firefox to disclose sensitive information. (CVE-2015-7193)

A same-origin policy bypass flaw was found in the way Firefox handled URLs containing IP addresses with white-space characters. This could lead to cross-site scripting attacks. (CVE-2015-7188)

A use-after-poison flaw and a heap-based buffer overflow flaw were found in the way NSS parsed certain ASN.1 structures. An attacker could use these flaws to cause NSS to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSS library. (CVE-2015-7181, CVE-2015-7182)

A heap-based buffer overflow was found in NSPR. An attacker could use this flaw to cause NSPR to crash or execute arbitrary code with the permissions of the user running an application compiled against the NSPR library. (CVE-2015-7183)

Note: Applications using NSPR's PLARENAALLOCATE, PRARENAALLOCATE, PLARENAGROW, or PRARENAGROW macros need to be rebuilt against the fixed nspr packages to completely resolve the CVE-2015-7183 issue.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / firefox

Package

Name: firefox
Purl: pkg:rpm/mageia/firefox?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

38.4.0-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / firefox-l10n

Package

Name: firefox-l10n
Purl: pkg:rpm/mageia/firefox-l10n?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

38.4.0-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / nspr

Package

Name: nspr
Purl: pkg:rpm/mageia/nspr?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.10.10-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / nss

Package

Name: nss
Purl: pkg:rpm/mageia/nss?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20.1-1.mga5

Ecosystem specific

{
    "section": "core"
}

Mageia:5 / rootcerts

Package

Name: rootcerts
Purl: pkg:rpm/mageia/rootcerts?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20151029.00-1.mga5

Ecosystem specific

{
    "section": "core"
}