Critical CentOS firefox Security Update

Metadata

high
7.5
firefox-45.4.0-1.el5.centos.i386.rpm, firefox-45.4.0-1.el5.centos.src.rpm, firefox-45.4.0-1.el5.centos.x86_64.rpm, firefox-45.4.0-1.el6.centos.i686.rpm, firefox-45.4.0-1.el6.centos.src.rpm, firefox-45.4.0-1.el6.centos.x86_64.rpm, firefox-45.4.0-1.el7.centos.i686.rpm, firefox-45.4.0-1.el7.centos.src.rpm, firefox-45.4.0-1.el7.centos.x86_64.rpm
CVE-2016-5250, CVE-2016-5257, CVE-2016-5261, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5278, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284
rhn.redhat.com, lists.centos.org, lists.centos.org, lists.centos.org
2016-09-22
2017-07-27 19:11

Description


An update for firefox is now available for Red Hat Enterprise Linux 5, Red Hat Enterprise Linux 6, and Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.4.0 ESR.

Security Fix(es):

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-5257, CVE-2016-5278, CVE-2016-5270, CVE-2016-5272, CVE-2016-5274, CVE-2016-5276, CVE-2016-5277, CVE-2016-5280, CVE-2016-5281, CVE-2016-5284, CVE-2016-5250, CVE-2016-5261)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Samuel Groß, Brian Carpenter, Mei Wang, Ryan Duff, Catalin Dumitru, Mozilla developers, Christoph Diehl, Andrew McCreight, Dan Minor, Byron Campen, Jon Coppeard, Steve Fink, Tyson Smith, Philipp, Carsten Book, Abhishek Arya, Atte Kettunen, and Nils as the original reporters.
Please see https://www.redhat.com/footer/terms-of-use.html

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.


Affected package information

| Release | Package | Patched in |
|---------|---------|------------|
| 5 | firefox | firefox-45.4.0-1.el5.centos.i386.rpm |
| 5 | firefox | firefox-45.4.0-1.el5.centos.src.rpm |
| 5 | firefox | firefox-45.4.0-1.el5.centos.x86_64.rpm |
| 6 | firefox | firefox-45.4.0-1.el6.centos.i686.rpm |
| 6 | firefox | firefox-45.4.0-1.el6.centos.src.rpm |
| 6 | firefox | firefox-45.4.0-1.el6.centos.x86_64.rpm |
| 7 | firefox | firefox-45.4.0-1.el7.centos.i686.rpm |
| 7 | firefox | firefox-45.4.0-1.el7.centos.src.rpm |
| 7 | firefox | firefox-45.4.0-1.el7.centos.x86_64.rpm |