[oi-dev] Security awareness: Update to Firefox 38.2.1 ESR or greater
ken mays
maybird1776 at yahoo.com
Thu Oct 22 12:40:34 UTC 2015
URL: http://ftp.mozilla.org/pub/firefox/releases/38.2.1esr/contrib/
Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.
A flaw was found in the processing of malformed web content. A web page
containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2015-4497)
A flaw was found in the way Firefox handled installation of add-ons.
An attacker could use this flaw to bypass the add-on installation prompt,
and trick the user into installing an add-on from a malicious source.
(CVE-2015-4498)
All Firefox users should upgrade to Firefox version 38.2.1 ESR or greater, whichcorrects these issues. After installing the update, Firefox must be restartedfor the changes to take effect.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://openindiana.org/pipermail/oi-dev/attachments/20151022/9733f540/attachment-0004.html>
More information about the oi-dev
mailing list