[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 730-1] firefox-esr security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : firefox-esr
Version        : 45.5.1esr-1~deb7u1
CVE ID         : CVE-2016-5290 CVE-2016-5291 CVE-2016-5296 CVE-2016-5297
                 CVE-2016-9064 CVE-2016-9066

Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code or
bypass of the same-origin policy.

A man-in-the-middle attack in the addon update mechanism has been fixed.

A use-after-free vulnerability in the SVG Animation was discovered,
allowing a remote attacker to cause a denial of service (application
crash) or execute arbitrary code, if a user is tricked into opening a
specially crafted website.

For Debian 7 "Wheezy", these problems have been fixed in version
45.5.1esr-1~deb7u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJYQJnfAAoJEJ1GxIjkNoMCG9gP/3Shi1MSMCd+iL7TnQdOMIyP
y5vS8IQVJM9QvE8hBsmt46ct5hYUALjNifE3IASD7/nCxoitH2yxVLS8JHdDezj0
saPz08DSbGrJTlxy+70nHu5FagxazfFscNNhOTSFT/g51NjuFmqum0bAZp7V3wBc
A+4pVKxAlJBMKirz9RjFN+nt5NrYICuJfBZCVHKkjdH3jMsnQMlRZeVYP91csKvH
3iUNKyz6Jm4FIfXh0KAFNCk2qzjHIubx1Z25xyMiFCNsQL5bbJNtSxVA57buZWKG
wy7jgmzpBHVetxyQdG4vYMPlukVekdPvfx29ASSxFKMwZ/h/hbPGcZdVumvJbcfP
FOU46T/KYhc8KWIDhnvT3TOycsgg+ic2NdoPyr7AY6AFGXOdxMvpUCF/iFQ0I8+i
PKqBKxf/PiO/pDEYyDTzLv72Gx/nH7h0JoR2RT+8bYGR41MdnMESM2+1Sv/vqzjU
1E7OGLhkkqpeuuQofcSOXdA3mhS3u2WuiYL1RUzRb/ndM5jdhZVBZ5jSqtXH0eKx
te+QB39cnGGoTNfZrOWn8FU+CHc3ZrFJyjWz6qF880t+6g8WlwR7KSzZcCiEh7AX
9etKoHdZ3+w+xtn7SvuCwy1xw/aYUaFYj7XY94CFWZwOCBr3yDcu9vawfDF/SKs/
awpS7zVkeYHeL3g3HtHQ
=xl5E
-----END PGP SIGNATURE-----


Reply to: