CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.3%
Updated firefox packages fix security vulnerabilities: A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2015-4497). A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source (CVE-2015-4498).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | firefox | < 38.2.1-1 | firefox-38.2.1-1.mga4 |
Mageia | 4 | noarch | firefox-l10n | < 38.2.1-1 | firefox-l10n-38.2.1-1.mga4 |
Mageia | 4 | noarch | nspr | < 4.10.9-1 | nspr-4.10.9-1.mga4 |
Mageia | 4 | noarch | nss | < 3.20.0-1 | nss-3.20.0-1.mga4 |
Mageia | 5 | noarch | firefox | < 38.2.1-1 | firefox-38.2.1-1.mga5 |
Mageia | 5 | noarch | firefox-l10n | < 38.2.1-1 | firefox-l10n-38.2.1-1.mga5 |
Mageia | 5 | noarch | nspr | < 4.10.9-1 | nspr-4.10.9-1.mga5 |
Mageia | 5 | noarch | nss | < 3.20.0-1 | nss-3.20.0-1.mga5 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498
mozilla.6506.n7.nabble.com/ANNOUNCE-NSPR-4-10-9-Release-td343441.html
bugs.mageia.org/show_bug.cgi?id=16666
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes
rhn.redhat.com/errata/RHSA-2015-1693.html
www.mozilla.org/en-US/security/advisories/mfsa2015-94/
www.mozilla.org/en-US/security/advisories/mfsa2015-95/
www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/