Bug 6205 - Firefox is again outdated (CVE-2015-4500)
: Firefox is again outdated (CVE-2015-4500)
Status: RESOLVED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: unspecified
: All Linux
: High critical
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
:
Depends on: 6218
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-20 19:22 MSD by Shalok Shalom
Modified: 2015-10-06 13:29 MSD (History)
4 users (show)

See Also:
RPM Package: firefox
ISO-related:
Bad POT generating:
Upstream:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Shalok Shalom 2015-09-20 19:22:44 MSD
Firefox 40 is released one month ago, including some security fixes, which are not part of 39.0.3. It seems to happen currently frequently:

http://forum.rosalab.ru/en/viewtopic.php?f=54&t=5104

http://forum.rosalab.ru/en/viewtopic.php?f=54&t=5926

41 get released in 2 Days.
Comment 1 Shalok Shalom 2015-09-23 18:40:41 MSD
Firefox 41, with new security fixes is available. 
Since FF is the default browser, is this a markable security hole, for that, marked as important.
Comment 2 Zombie Ryushu 2015-09-24 12:36:18 MSD
Mozilla developers and community identified and fixed several memory safety
bugs in the browser engine used in Firefox that could cause memory corruption
and crashes or potentially allow for arbitrary code execution
(CVE-2015-4500).

Using the Address Sanitizer tool, security researcher Atte Kettunen
discovered a buffer overflow in the nestegg library when decoding a WebM
format video with maliciously formatted headers. This leads to a potentially
exploitable crash (CVE-2015-4511).

An anonymous researcher reported, via HP's Zero Day Initiative, a
use-after-free vulnerability with HTML media elements on a page during script
manipulation of the URI table of these elements. This results in a
potentially exploitable crash (CVE-2015-4509).

Security researcher Mario Gomes reported that when a previously loaded image
on a page is drag and dropped into content after a redirect, the redirected
URL is available to scripts. This is a violation of the Fetch specification's
defined behavior for "Atomic HTTP redirect handling" which states that
redirected URLs are not exposed to any APIs. This can allow for information
leakage (CVE-2015-4519).

Mozilla developer Ehsan Akhgari reported two issues with Cross-origin
resource sharing (CORS) "preflight" requests. The first issue is that in some
circumstances the same cache key can be generated for two preflight requests
on a site. As a result, if a second request is made that will match the
cached key generated by an earlier request, CORS checks will be bypassed
because the system will see the previously cached request as applicable
(CVE-2015-4520). In the second issue, when some Access-Control- headers are
missing from CORS responses, the values from different Access-Control-
headers can be used that present in the same response.

Security researcher Ronald Crane reported eight vulnerabilities affecting
released code that were found through code inspection. These included several
potential memory safety issues resulting from the use of snprintf, one use of
unowned memory, one use of a string without overflow checks, and five memory
safety bugs. These do not all have clear mechanisms to be exploited through
web content but are vulnerable if a mechanism can be found to trigger them
(CVE-2015-4517, CVE-2015-4521, CVE-2015-4522, CVE-2015-7174, CVE-2015-7175,
CVE-2015-7176, CVE-2015-7177, CVE-2015-7180).
Comment 3 Vladimir Potapov 2015-09-26 17:42:58 MSD
http://bugs.rosalinux.ru/show_bug.cgi?id=6218
Comment 4 Denis Silakov 2015-10-06 13:29:58 MSD
New firefox has been published.