| Descripción: | Summary:
The remote host is missing an update for the 'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) announced via the MGASA-2014-0201 advisory.
Vulnerability Insight:
Updated firefox and thunderbird packages fix security vulnerabilities:
Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox or Thunderbird to
crash or, potentially, execute arbitrary code with the privileges of the
user running it (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529,
CVE-2014-1531).
A use-after-free flaw was found in the way Firefox and Thunderbird resolved
hosts in certain circumstances. An attacker could use this flaw to crash
Firefox or Thunderbird or, potentially, execute arbitrary code with the
privileges of the user running it (CVE-2014-1532).
An out-of-bounds read flaw was found in the way Firefox and Thunderbird
decoded JPEG images. Loading a web page containing a specially crafted JPEG
image could cause Firefox or Thunderbird to crash (CVE-2014-1523).
A flaw was found in the way Firefox and Thunderbird handled browser
navigations through history. An attacker could possibly use this flaw to
cause the address bar of the browser to display a web page name while
loading content from an entirely different web page, which could allow for
cross-site scripting (XSS) attacks (CVE-2014-1530).
Affected Software/OS:
'firefox, firefox-l10n, thunderbird, thunderbird-l10n' package(s) on Mageia 3, Mageia 4.
Solution:
Please install the updated package(s).
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
