Red Hat Customer Portal

Skip to main content

Security Advisory Critical: firefox security update

Advisory: RHSA-2014:0448-1
Type: Security Advisory
Severity: Critical
Issued on: 2014-04-29
Last updated on: 2014-04-29
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-1518
CVE-2014-1523
CVE-2014-1524
CVE-2014-1529
CVE-2014-1530
CVE-2014-1531
CVE-2014-1532

Details

An updated firefox package that fixes several security issues is now
available for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having Critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Firefox is an open source web browser.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1518, CVE-2014-1524, CVE-2014-1529, CVE-2014-1531)

A use-after-free flaw was found in the way Firefox resolved hosts in
certain circumstances. An attacker could use this flaw to crash Firefox or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1532)

An out-of-bounds read flaw was found in the way Firefox decoded JPEG
images. Loading a web page containing a specially crafted JPEG image could
cause Firefox to crash. (CVE-2014-1523)

A flaw was found in the way Firefox handled browser navigations through
history. An attacker could possibly use this flaw to cause the address bar
of the browser to display a web page name while loading content from an
entirely different web page, which could allow for cross-site scripting
(XSS) attacks. (CVE-2014-1530)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Bobby Holley, Carsten Book, Christoph Diehl, Gary
Kwong, Jan de Mooij, Jesse Ruderman, Nathan Froyd, Christian Holler,
Abhishek Arya, Mariusz Mlynski, moz_bug_r_a4, Nils, Tyson Smith, and Jesse
Schwartzentrube as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.5.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to this updated package, which contains
Firefox version 24.5.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
firefox-24.5.0-1.el5_10.src.rpm
File outdated by:  RHSA-2016:1217
    MD5: 6ccf02ab74b9fec2e4ab356cc66ab631
SHA-256: f8e411ab48390c4ab93940a4a89b9e9cf91efbac81822af2856665171ab4c5a5
 
IA-32:
firefox-24.5.0-1.el5_10.i386.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9aeba26e217b10db27410dcf5b058b38
SHA-256: c87957cfbe713a9aa86e0c0c00d430f8aa752af9a843d7f10483d3d2d100bc4f
firefox-debuginfo-24.5.0-1.el5_10.i386.rpm
File outdated by:  RHSA-2016:1217
    MD5: a754c4240af291e2e56715014b03e753
SHA-256: b040c594357bf8db8463856bfd32a64d2f30a13fbcd8c5c6eb1d9a62b050c663
 
IA-64:
firefox-24.5.0-1.el5_10.ia64.rpm
File outdated by:  RHSA-2015:0766
    MD5: d861c2ccc4641d9add4a442c1b5af098
SHA-256: 0e3ae1e57bc5dcb7957d972cfe7c8208ba6fc572d96a2e75568fc1f27ca29b04
firefox-debuginfo-24.5.0-1.el5_10.ia64.rpm
File outdated by:  RHSA-2015:0766
    MD5: 1a1e3a61a0695835385cd4f5122972b1
SHA-256: 3cdc142bfa2d3a8e65ed87dd626e8f0859ad35801823a4862c1fdf0d51bf86e5
 
PPC:
firefox-24.5.0-1.el5_10.ppc.rpm     MD5: 221fc77bb043c1b2c1a1450bbf9914da
SHA-256: ad47fc81b3543a1f802148b05b26e14da39d58dcdc9b311722dafc1af28e0382
firefox-debuginfo-24.5.0-1.el5_10.ppc.rpm     MD5: 68e4251860e97ef81333ca3e61602964
SHA-256: 72fea78b327bc8f6d9f23a4f3a74420233c8d013445631a07727b4cedd7e5293
 
s390x:
firefox-24.5.0-1.el5_10.s390.rpm
File outdated by:  RHSA-2016:1217
    MD5: a66f169e25317b6f483c1aa26c2fb6bc
SHA-256: 37b8a2fa8d04e161101127bb571e77253f1b23e6e88f7e3c20cfac2bcd267856
firefox-24.5.0-1.el5_10.s390x.rpm
File outdated by:  RHSA-2016:1217
    MD5: 006cce901e601f3fa523fb03c149105f
SHA-256: 41e9b43bcc1c950fac3ed3751c35e83fd3b558fa62b872e259b40c9d5b3d634e
firefox-debuginfo-24.5.0-1.el5_10.s390.rpm
File outdated by:  RHSA-2016:1217
    MD5: ef106e0a3adebc81ecee9bd77d7a93d6
SHA-256: 7ddda7da1592090128bbceea0377b6155d04848d14f508b8e84be9537820925f
firefox-debuginfo-24.5.0-1.el5_10.s390x.rpm
File outdated by:  RHSA-2016:1217
    MD5: 3376bb144780f2390844d13c23b12755
SHA-256: 579a6b0606d9eb2b4b2d14cf48e6a909a2d14729814cd88a37b1c8d0725cf457
 
x86_64:
firefox-24.5.0-1.el5_10.i386.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9aeba26e217b10db27410dcf5b058b38
SHA-256: c87957cfbe713a9aa86e0c0c00d430f8aa752af9a843d7f10483d3d2d100bc4f
firefox-24.5.0-1.el5_10.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 15100a3fa98209b85c85532c23539dcf
SHA-256: 679d41b46773f7bd37ca9c4ada19f4c44d1504f7d240118c185dcd3f96566311
firefox-debuginfo-24.5.0-1.el5_10.i386.rpm
File outdated by:  RHSA-2016:1217
    MD5: a754c4240af291e2e56715014b03e753
SHA-256: b040c594357bf8db8463856bfd32a64d2f30a13fbcd8c5c6eb1d9a62b050c663
firefox-debuginfo-24.5.0-1.el5_10.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: d0a8f119b6ca52b1980dfb4bf1074d8c
SHA-256: ab25f88cfe61b9cea1df68846cda460afd80d2d9cb052132898e35b4898cd08c
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
firefox-24.5.0-1.el5_10.src.rpm
File outdated by:  RHSA-2016:1217
    MD5: 6ccf02ab74b9fec2e4ab356cc66ab631
SHA-256: f8e411ab48390c4ab93940a4a89b9e9cf91efbac81822af2856665171ab4c5a5
 
IA-32:
firefox-24.5.0-1.el5_10.i386.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9aeba26e217b10db27410dcf5b058b38
SHA-256: c87957cfbe713a9aa86e0c0c00d430f8aa752af9a843d7f10483d3d2d100bc4f
firefox-debuginfo-24.5.0-1.el5_10.i386.rpm
File outdated by:  RHSA-2016:1217
    MD5: a754c4240af291e2e56715014b03e753
SHA-256: b040c594357bf8db8463856bfd32a64d2f30a13fbcd8c5c6eb1d9a62b050c663
 
x86_64:
firefox-24.5.0-1.el5_10.i386.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9aeba26e217b10db27410dcf5b058b38
SHA-256: c87957cfbe713a9aa86e0c0c00d430f8aa752af9a843d7f10483d3d2d100bc4f
firefox-24.5.0-1.el5_10.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 15100a3fa98209b85c85532c23539dcf
SHA-256: 679d41b46773f7bd37ca9c4ada19f4c44d1504f7d240118c185dcd3f96566311
firefox-debuginfo-24.5.0-1.el5_10.i386.rpm
File outdated by:  RHSA-2016:1217
    MD5: a754c4240af291e2e56715014b03e753
SHA-256: b040c594357bf8db8463856bfd32a64d2f30a13fbcd8c5c6eb1d9a62b050c663
firefox-debuginfo-24.5.0-1.el5_10.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: d0a8f119b6ca52b1980dfb4bf1074d8c
SHA-256: ab25f88cfe61b9cea1df68846cda460afd80d2d9cb052132898e35b4898cd08c
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
firefox-24.5.0-1.el6_5.src.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9d5ce6f7a942e248494fd085f88a9111
SHA-256: e365d7ee6609d83adcca9d5e32a656d85126cc582e02d749018d25047ba9aa40
 
IA-32:
firefox-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHSA-2016:1217
    MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHSA-2016:1217
    MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
 
x86_64:
firefox-24.5.0-1.el6_5.i686.rpm     MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 867eb2d549794ef451dc3dbb3a7dcea4
SHA-256: 265acccff4ae6a24265b9233d05b3b9069ef79feb7ef156cd33d79fcc6c964d9
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm     MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
firefox-debuginfo-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 747e7771f6c4f357eaf19d692d26919f
SHA-256: 9517a66e916e096ce86d5ea494ba07704b5c928dab8d4f2db229f2856831d881
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
firefox-24.5.0-1.el6_5.src.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9d5ce6f7a942e248494fd085f88a9111
SHA-256: e365d7ee6609d83adcca9d5e32a656d85126cc582e02d749018d25047ba9aa40
 
x86_64:
firefox-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHSA-2016:1217
    MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 867eb2d549794ef451dc3dbb3a7dcea4
SHA-256: 265acccff4ae6a24265b9233d05b3b9069ef79feb7ef156cd33d79fcc6c964d9
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHSA-2016:1217
    MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
firefox-debuginfo-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 747e7771f6c4f357eaf19d692d26919f
SHA-256: 9517a66e916e096ce86d5ea494ba07704b5c928dab8d4f2db229f2856831d881
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
firefox-24.5.0-1.el6_5.src.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9d5ce6f7a942e248494fd085f88a9111
SHA-256: e365d7ee6609d83adcca9d5e32a656d85126cc582e02d749018d25047ba9aa40
 
IA-32:
firefox-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHSA-2016:1217
    MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHSA-2016:1217
    MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
 
PPC:
firefox-24.5.0-1.el6_5.ppc.rpm     MD5: af49b91c2754c03b90d0e73eb6daccda
SHA-256: 4e640fb0eb5546215e85a2fcde4a6662b17001cd8655ed28f22d14b5fe60c9e1
firefox-24.5.0-1.el6_5.ppc64.rpm
File outdated by:  RHSA-2016:1217
    MD5: b9e5150f1da639a29faef5f050e6b254
SHA-256: adb41ce1bc674f19795230b8afef1b36a1bc668d1b51e51d6961a877f6db4a7a
firefox-debuginfo-24.5.0-1.el6_5.ppc.rpm     MD5: 5d2fa602179de2907b2020c1d9e3c080
SHA-256: 6414ff53bde30c4b27dea3cab9ea0d303ad76b8edcbfe4bf8e4f66d2e3b846de
firefox-debuginfo-24.5.0-1.el6_5.ppc64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 83200248bcb58afc9782d997aae2c567
SHA-256: cbaf772934e284578f2bf45a6ccac614d6f17d22bda3bbb3afbd32841fda9e9c
 
s390x:
firefox-24.5.0-1.el6_5.s390.rpm     MD5: 7e46e45794ad61c5feec26209599cb8b
SHA-256: d307a0ce617786c5258ccf440916c5653461e2ae6624e71b1ab3a6f6cc170f00
firefox-24.5.0-1.el6_5.s390x.rpm
File outdated by:  RHSA-2016:1217
    MD5: 92732f27a975bd539a2aa4e169d6e071
SHA-256: 87c27745539a020ea49d287677589a87efa2f30fa3299344073e44ae0c25d1e8
firefox-debuginfo-24.5.0-1.el6_5.s390.rpm     MD5: 2eeeb5ff90581303bb5de59e81460fae
SHA-256: 9183f0b6248cde8d4d5fd525c9a2ceb7d89108a614f29a6e0a908db0a6e653d0
firefox-debuginfo-24.5.0-1.el6_5.s390x.rpm
File outdated by:  RHSA-2016:1217
    MD5: c2812fb40ca39e76635ac56e933ef847
SHA-256: a163dc8437c156acd7b9918c25d8110e924b94d9bfa16905c445e0d02cafa3bd
 
x86_64:
firefox-24.5.0-1.el6_5.i686.rpm     MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 867eb2d549794ef451dc3dbb3a7dcea4
SHA-256: 265acccff4ae6a24265b9233d05b3b9069ef79feb7ef156cd33d79fcc6c964d9
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm     MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
firefox-debuginfo-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 747e7771f6c4f357eaf19d692d26919f
SHA-256: 9517a66e916e096ce86d5ea494ba07704b5c928dab8d4f2db229f2856831d881
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
firefox-24.5.0-1.el6_5.src.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9d5ce6f7a942e248494fd085f88a9111
SHA-256: e365d7ee6609d83adcca9d5e32a656d85126cc582e02d749018d25047ba9aa40
 
x86_64:
firefox-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHBA-2014:1249
    MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1249
    MD5: 867eb2d549794ef451dc3dbb3a7dcea4
SHA-256: 265acccff4ae6a24265b9233d05b3b9069ef79feb7ef156cd33d79fcc6c964d9
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHBA-2014:1249
    MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
firefox-debuginfo-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1249
    MD5: 747e7771f6c4f357eaf19d692d26919f
SHA-256: 9517a66e916e096ce86d5ea494ba07704b5c928dab8d4f2db229f2856831d881
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
firefox-24.5.0-1.el6_5.src.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9d5ce6f7a942e248494fd085f88a9111
SHA-256: e365d7ee6609d83adcca9d5e32a656d85126cc582e02d749018d25047ba9aa40
 
IA-32:
firefox-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHBA-2014:1249
    MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHBA-2014:1249
    MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
 
PPC:
firefox-24.5.0-1.el6_5.ppc.rpm
File outdated by:  RHBA-2014:1249
    MD5: af49b91c2754c03b90d0e73eb6daccda
SHA-256: 4e640fb0eb5546215e85a2fcde4a6662b17001cd8655ed28f22d14b5fe60c9e1
firefox-24.5.0-1.el6_5.ppc64.rpm
File outdated by:  RHBA-2014:1249
    MD5: b9e5150f1da639a29faef5f050e6b254
SHA-256: adb41ce1bc674f19795230b8afef1b36a1bc668d1b51e51d6961a877f6db4a7a
firefox-debuginfo-24.5.0-1.el6_5.ppc.rpm
File outdated by:  RHBA-2014:1249
    MD5: 5d2fa602179de2907b2020c1d9e3c080
SHA-256: 6414ff53bde30c4b27dea3cab9ea0d303ad76b8edcbfe4bf8e4f66d2e3b846de
firefox-debuginfo-24.5.0-1.el6_5.ppc64.rpm
File outdated by:  RHBA-2014:1249
    MD5: 83200248bcb58afc9782d997aae2c567
SHA-256: cbaf772934e284578f2bf45a6ccac614d6f17d22bda3bbb3afbd32841fda9e9c
 
s390x:
firefox-24.5.0-1.el6_5.s390.rpm
File outdated by:  RHBA-2014:1249
    MD5: 7e46e45794ad61c5feec26209599cb8b
SHA-256: d307a0ce617786c5258ccf440916c5653461e2ae6624e71b1ab3a6f6cc170f00
firefox-24.5.0-1.el6_5.s390x.rpm
File outdated by:  RHBA-2014:1249
    MD5: 92732f27a975bd539a2aa4e169d6e071
SHA-256: 87c27745539a020ea49d287677589a87efa2f30fa3299344073e44ae0c25d1e8
firefox-debuginfo-24.5.0-1.el6_5.s390.rpm
File outdated by:  RHBA-2014:1249
    MD5: 2eeeb5ff90581303bb5de59e81460fae
SHA-256: 9183f0b6248cde8d4d5fd525c9a2ceb7d89108a614f29a6e0a908db0a6e653d0
firefox-debuginfo-24.5.0-1.el6_5.s390x.rpm
File outdated by:  RHBA-2014:1249
    MD5: c2812fb40ca39e76635ac56e933ef847
SHA-256: a163dc8437c156acd7b9918c25d8110e924b94d9bfa16905c445e0d02cafa3bd
 
x86_64:
firefox-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHBA-2014:1249
    MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1249
    MD5: 867eb2d549794ef451dc3dbb3a7dcea4
SHA-256: 265acccff4ae6a24265b9233d05b3b9069ef79feb7ef156cd33d79fcc6c964d9
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHBA-2014:1249
    MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
firefox-debuginfo-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHBA-2014:1249
    MD5: 747e7771f6c4f357eaf19d692d26919f
SHA-256: 9517a66e916e096ce86d5ea494ba07704b5c928dab8d4f2db229f2856831d881
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
firefox-24.5.0-1.el6_5.src.rpm
File outdated by:  RHSA-2016:1217
    MD5: 9d5ce6f7a942e248494fd085f88a9111
SHA-256: e365d7ee6609d83adcca9d5e32a656d85126cc582e02d749018d25047ba9aa40
 
IA-32:
firefox-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHSA-2016:1217
    MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm
File outdated by:  RHSA-2016:1217
    MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
 
x86_64:
firefox-24.5.0-1.el6_5.i686.rpm     MD5: e6e36c972ecabb27c8bda1a6db6ab851
SHA-256: 354c96562cdda86e564f2454ebc96794f852afc94870d2dafe05c8d3667f2bd2
firefox-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 867eb2d549794ef451dc3dbb3a7dcea4
SHA-256: 265acccff4ae6a24265b9233d05b3b9069ef79feb7ef156cd33d79fcc6c964d9
firefox-debuginfo-24.5.0-1.el6_5.i686.rpm     MD5: ef2fee3e6fd5d2fd8ac1ee9c8cca7dd9
SHA-256: c36d79badfe6c7d4c35ebbaab0ced679f8b2e764a8762e4840d8560c986dbce8
firefox-debuginfo-24.5.0-1.el6_5.x86_64.rpm
File outdated by:  RHSA-2016:1217
    MD5: 747e7771f6c4f357eaf19d692d26919f
SHA-256: 9517a66e916e096ce86d5ea494ba07704b5c928dab8d4f2db229f2856831d881
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5
1092657 - CVE-2014-1518 Mozilla: Miscellaneous memory safety hazards (rv:24.5) (MFSA 2014-34)
1092660 - CVE-2014-1523 Mozilla: Out of bounds read while decoding JPG images (MFSA-2014-37)
1092663 - CVE-2014-1524 Mozilla: Buffer overflow when using non-XBL object as XBL (MFSA 2014-38)
1092664 - CVE-2014-1529 Mozilla: Privilege escalation through Web Notification API (MFSA 2014-42)
1092666 - CVE-2014-1530 Mozilla: Cross-site scripting (XSS) using history navigations (MFSA 2014-43)
1092668 - CVE-2014-1531 Mozilla: Use-after-free in imgLoader while resizing images (MFSA 2014-44)
1092670 - CVE-2014-1532 Mozilla: Use-after-free in nsHostResolver (MFSA 2014-46)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/