On Sat, 2015-08-08 at 03:31 +0000, Pat Riehecky wrote: > Synopsis: Important: firefox security update > Advisory ID: SLSA-2015:1581-1 > Issue Date: 2015-08-07 > CVE Numbers: CVE-2015-4495 > -- > > A flaw was discovered in Mozilla Firefox that could be used to violate the > same-origin policy and inject web script into a non-privileged part of the > built-in PDF file viewer (PDF.js). An attacker could create a malicious > web page that, when viewed by a victim, could steal arbitrary files > (including private SSH keys, the /etc/passwd file, and other potentially > sensitive files) from the system running Firefox. (CVE-2015-4495) > > After installing the update, Firefox must be restarted for the changes > to take effect. > -- > > SL5 > x86_64 > firefox-38.1.1-1.el5_11.i386.rpm > firefox-38.1.1-1.el5_11.x86_64.rpm > firefox-debuginfo-38.1.1-1.el5_11.i386.rpm > firefox-debuginfo-38.1.1-1.el5_11.x86_64.rpm > i386 > firefox-38.1.1-1.el5_11.i386.rpm > firefox-debuginfo-38.1.1-1.el5_11.i386.rpm > SL6 > x86_64 > firefox-38.1.1-1.el6_7.x86_64.rpm > firefox-debuginfo-38.1.1-1.el6_7.x86_64.rpm > firefox-38.1.1-1.el6_7.i686.rpm > firefox-debuginfo-38.1.1-1.el6_7.i686.rpm > i386 > firefox-38.1.1-1.el6_7.i686.rpm > firefox-debuginfo-38.1.1-1.el6_7.i686.rpm > SL7 > x86_64 > firefox-38.1.1-1.el7_1.x86_64.rpm > firefox-debuginfo-38.1.1-1.el7_1.x86_64.rpm > firefox-38.1.1-1.el7_1.i686.rpm > firefox-debuginfo-38.1.1-1.el7_1.i686.rpm > > - Scientific Linux Development Team
Hi, Seems the 6x repo has not been updated for inclusion of this update as none showing on a clean 'yum update' though the rpm is there. Regards Phil -- Twitter: @philwyett Jappix (xmpp chat): [email protected]
signature.asc
Description: This is a digitally signed message part
