{"id":"MGASA-2015-0427","summary":"Updated firefox, nspr, nss packages fix security vulnerability","details":"Several flaws were found in the processing of malformed web content. A web\npage containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user running\nFirefox. (CVE-2015-4513, CVE-2015-7189, CVE-2015-7194, CVE-2015-7196,\nCVE-2015-7198, CVE-2015-7197)\n\nA same-origin policy bypass flaw was found in the way Firefox handled\ncertain cross-origin resource sharing (CORS) requests. A web page\ncontaining malicious content could cause Firefox to disclose sensitive\ninformation. (CVE-2015-7193)\n\nA same-origin policy bypass flaw was found in the way Firefox handled URLs\ncontaining IP addresses with white-space characters. This could lead to\ncross-site scripting attacks. (CVE-2015-7188)\n\nA use-after-poison flaw and a heap-based buffer overflow flaw were found in\nthe way NSS parsed certain ASN.1 structures. An attacker could use these\nflaws to cause NSS to crash or execute arbitrary code with the permissions\nof the user running an application compiled against the NSS library.\n(CVE-2015-7181, CVE-2015-7182)\n\nA heap-based buffer overflow was found in NSPR. An attacker could use this\nflaw to cause NSPR to crash or execute arbitrary code with the permissions\nof the user running an application compiled against the NSPR library.\n(CVE-2015-7183)\n\nNote: Applications using NSPR's PL_ARENA_ALLOCATE, PR_ARENA_ALLOCATE,\nPL_ARENA_GROW, or PR_ARENA_GROW macros need to be rebuilt against the fixed\nnspr packages to completely resolve the CVE-2015-7183 issue.\n","modified":"2026-04-16T01:49:01.420233294Z","published":"2015-11-04T18:03:05Z","upstream":["CVE-2015-4513","CVE-2015-7181","CVE-2015-7182","CVE-2015-7183","CVE-2015-7188","CVE-2015-7189","CVE-2015-7193","CVE-2015-7194","CVE-2015-7196","CVE-2015-7197","CVE-2015-7198"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0427.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=17079"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2015-1981.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2015-1982.html"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"38.4.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0427.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"38.4.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0427.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.10.10-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0427.json"}},{"package":{"name":"nss","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.20.1-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0427.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20151029.00-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0427.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}