Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Red Hat Local Security Checks
Title:RedHat Update for firefox RHSA-2015:1207-01
Summary:The remote host is missing an update for the 'firefox'; package(s) announced via the referenced advisory.
The remote host is missing an update for the 'firefox'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Mozilla Firefox is an open source web
browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727,
CVE-2015-2728, CVE-2015-2729, CVE-2015-2731, CVE-2015-2733, CVE-2015-2734,
CVE-2015-2735, CVE-2015-2736, CVE-2015-2737, CVE-2015-2738, CVE-2015-2739,

It was found that Firefox skipped key-pinning checks when handling an error
that could be overridden by the user (for example an expired certificate
error). This flaw allowed a user to override a pinned certificate, which is
an action the user should not be able to perform. (CVE-2015-2741)

A flaw was discovered in Mozilla's PDF.js PDF file viewer. When combined
with another vulnerability, it could allow execution of arbitrary code with
the privileges of the user running Firefox. (CVE-2015-2743)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bob Clary, Christian Holler, Bobby Holley, Andrew
McCreight, Terrence Cole, Steve Fink, Mats Palmgren, Wes Kocher, Andreas
Pehrson, Jann Horn, Paul Bandha, Holger Fuhrmannek, Herre, Looben Yan,
Ronald Crane, and Jonas Jenwald as the original reporters of these issues.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 38.1 ESR, which corrects these issues. After installing the
update, Firefox must be restarted for the changes to take effect.

Affected Software/OS:
firefox on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Server (v. 7),
Red Hat Enterprise Linux Workstation (v. 6)

Please Install the Updated Packages.

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2015-2722
BugTraq ID: 75541
RedHat Security Advisories: RHSA-2015:1207
SuSE Security Announcement: SUSE-SU-2015:1268 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1269 (Google Search)
SuSE Security Announcement: SUSE-SU-2015:1449 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1229 (Google Search)
SuSE Security Announcement: openSUSE-SU-2015:1266 (Google Search)
Common Vulnerability Exposure (CVE) ID: CVE-2015-2724
Debian Security Information: DSA-3300 (Google Search)
Debian Security Information: DSA-3324 (Google Search)
RedHat Security Advisories: RHSA-2015:1455
Common Vulnerability Exposure (CVE) ID: CVE-2015-2725
Common Vulnerability Exposure (CVE) ID: CVE-2015-2727
Common Vulnerability Exposure (CVE) ID: CVE-2015-2728
Common Vulnerability Exposure (CVE) ID: CVE-2015-2729
Common Vulnerability Exposure (CVE) ID: CVE-2015-2731
Common Vulnerability Exposure (CVE) ID: CVE-2015-2733
Common Vulnerability Exposure (CVE) ID: CVE-2015-2734
Common Vulnerability Exposure (CVE) ID: CVE-2015-2735
Common Vulnerability Exposure (CVE) ID: CVE-2015-2736
Common Vulnerability Exposure (CVE) ID: CVE-2015-2737
Common Vulnerability Exposure (CVE) ID: CVE-2015-2738
Common Vulnerability Exposure (CVE) ID: CVE-2015-2739
Common Vulnerability Exposure (CVE) ID: CVE-2015-2740
Common Vulnerability Exposure (CVE) ID: CVE-2015-2741
Common Vulnerability Exposure (CVE) ID: CVE-2015-2743
CopyrightCopyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.