Skip to navigation

Security Advisory Critical: firefox security update

Advisory: RHSA-2014:0132-1
Type: Security Advisory
Severity: Critical
Issued on: 2014-02-04
Last updated on: 2014-02-04
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server AUS (v. 6.5)
Red Hat Enterprise Linux Server EUS (v. 6.5.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2014-1477
CVE-2014-1479
CVE-2014-1481
CVE-2014-1482
CVE-2014-1486
CVE-2014-1487

Details

Updated firefox packages that fix several security issues are now available
for Red Hat Enterprise Linux 5 and 6.

The Red Hat Security Response Team has rated this update as having critical
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

Mozilla Firefox is an open source web browser. XULRunner provides the XUL
Runtime environment for Mozilla Firefox.

Several flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user running
Firefox. (CVE-2014-1477, CVE-2014-1482, CVE-2014-1486)

A flaw was found in the way Firefox handled error messages related to web
workers. An attacker could use this flaw to bypass the same-origin policy,
which could lead to cross-site scripting (XSS) attacks, or could
potentially be used to gather authentication tokens and other data from
third-party websites. (CVE-2014-1487)

A flaw was found in the implementation of System Only Wrappers (SOW).
An attacker could use this flaw to crash Firefox. When combined with other
vulnerabilities, this flaw could have additional security implications.
(CVE-2014-1479)

It was found that the Firefox JavaScript engine incorrectly handled window
objects. A remote attacker could use this flaw to bypass certain security
checks and possibly execute arbitrary code. (CVE-2014-1481)

Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Christian Holler, Terrence Cole, Jesse Ruderman, Gary
Kwong, Eric Rescorla, Jonathan Kew, Dan Gohman, Ryan VanderMeulen, Sotaro
Ikeda, Cody Crews, Fredrik "Flonka" Lönnqvist, Arthur Gerkis, Masato
Kinugawa, and Boris Zbarsky as the original reporters of these issues.

For technical details regarding these flaws, refer to the Mozilla security
advisories for Firefox 24.3.0 ESR. You can find a link to the Mozilla
advisories in the References section of this erratum.

All Firefox users should upgrade to these updated packages, which contain
Firefox version 24.3.0 ESR, which corrects these issues. After installing
the update, Firefox must be restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
firefox-24.3.0-2.el5_10.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: d2e0270b77de1ca208d402f036aab84b
SHA-256: 89a03a1a63c9a5139c7b3c15ad74dcc679d1d023392fa0e06e974f21e75c7dd0
 
IA-32:
firefox-24.3.0-2.el5_10.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 423476e9fe242f526ba7607f96d51c39
SHA-256: 8b5fc94b246e7e8978603a14ad79302e512c601c4745a4d450f969c4b690c7f5
firefox-debuginfo-24.3.0-2.el5_10.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 24d10fc24eaef5621148becf62d6432e
SHA-256: dc72debd3785894a590f68bd47a13665cff518e9779f5c4c90396ab69de1862f
 
IA-64:
firefox-24.3.0-2.el5_10.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 24d7cf5eb1f491e4ea334e72c1a134e6
SHA-256: c692d3c13fbd00334e5dfb09a74ddc474cd782056d1bc0adf2187e9146d53cf7
firefox-debuginfo-24.3.0-2.el5_10.ia64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 538656cb2e595ce4e7b15f7229c5b11c
SHA-256: eb314f1d6287dddf98956faf7f2f6974462e3190ef89af1f06c7878ba5b5f875
 
PPC:
firefox-24.3.0-2.el5_10.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: ffb16a3280e48f6933e6ab793b0d6a95
SHA-256: d83ec9911378525d4b06a3671bc84821f442db68b9f535a25b77bc3aa129baa7
firefox-debuginfo-24.3.0-2.el5_10.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: b53fe7b95170a99f7ac154997d4ccd51
SHA-256: 18ed5ef70b575b7bbccf820a8f937aaed12a2f214f057834baa7a0a537026f6e
 
s390x:
firefox-24.3.0-2.el5_10.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: c1e510ee30128c3ed0e22cb46f0768c5
SHA-256: 265964ba2b21ebfb86794a612294c617c8008b1df23b43368d46aa0f52d50139
firefox-24.3.0-2.el5_10.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 368829080ab3cf46af4a0c240236f9df
SHA-256: 330560709f70ef2f332e42774d23e132bd36d9e624e1205662d4980b4bf0c75b
firefox-debuginfo-24.3.0-2.el5_10.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: f4c9bd40edfdc41f32c18731347b93ee
SHA-256: 4eb8ad74e46ab7a5cda2f22ce4c5741a5163fef27f3fe5acd23547c019810b15
firefox-debuginfo-24.3.0-2.el5_10.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: be099cff7eade6441dd46b86a4b1ef76
SHA-256: 94ec86b7bbfd6c113a713081570a2f3831f7c0012084b04909e109cc72819d7b
 
x86_64:
firefox-24.3.0-2.el5_10.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 423476e9fe242f526ba7607f96d51c39
SHA-256: 8b5fc94b246e7e8978603a14ad79302e512c601c4745a4d450f969c4b690c7f5
firefox-24.3.0-2.el5_10.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: c465a1a699b88dc9284fb3c65cda5980
SHA-256: 082a190bf578c51440e254eaf7b3b1d5ecafeb87fbf621addf6ecbebbec9e88e
firefox-debuginfo-24.3.0-2.el5_10.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 24d10fc24eaef5621148becf62d6432e
SHA-256: dc72debd3785894a590f68bd47a13665cff518e9779f5c4c90396ab69de1862f
firefox-debuginfo-24.3.0-2.el5_10.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: e51c55fe1988b790b70da78a73cb5ae2
SHA-256: e3947b7596a770521c97995141c0daac94b7bfd6c2451dca62ac4b03241c067c
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
firefox-24.3.0-2.el5_10.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: d2e0270b77de1ca208d402f036aab84b
SHA-256: 89a03a1a63c9a5139c7b3c15ad74dcc679d1d023392fa0e06e974f21e75c7dd0
 
IA-32:
firefox-24.3.0-2.el5_10.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 423476e9fe242f526ba7607f96d51c39
SHA-256: 8b5fc94b246e7e8978603a14ad79302e512c601c4745a4d450f969c4b690c7f5
firefox-debuginfo-24.3.0-2.el5_10.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 24d10fc24eaef5621148becf62d6432e
SHA-256: dc72debd3785894a590f68bd47a13665cff518e9779f5c4c90396ab69de1862f
 
x86_64:
firefox-24.3.0-2.el5_10.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 423476e9fe242f526ba7607f96d51c39
SHA-256: 8b5fc94b246e7e8978603a14ad79302e512c601c4745a4d450f969c4b690c7f5
firefox-24.3.0-2.el5_10.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: c465a1a699b88dc9284fb3c65cda5980
SHA-256: 082a190bf578c51440e254eaf7b3b1d5ecafeb87fbf621addf6ecbebbec9e88e
firefox-debuginfo-24.3.0-2.el5_10.i386.rpm
File outdated by:  RHSA-2014:0310
    MD5: 24d10fc24eaef5621148becf62d6432e
SHA-256: dc72debd3785894a590f68bd47a13665cff518e9779f5c4c90396ab69de1862f
firefox-debuginfo-24.3.0-2.el5_10.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: e51c55fe1988b790b70da78a73cb5ae2
SHA-256: e3947b7596a770521c97995141c0daac94b7bfd6c2451dca62ac4b03241c067c
 
Red Hat Enterprise Linux Desktop (v. 6)

SRPMS:
firefox-24.3.0-2.el6_5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: bc62b10f108b374067408fcad518dfc2
SHA-256: 569eb7b7a7f3fc75a85b3f016754d4507e0b264ed32a8901c810134b9053c6b8
 
IA-32:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
 
x86_64:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: ee77224cca716002f914ce2a196f1ba3
SHA-256: ffbbb54049f4851851df0fdf1934ad882462446ddfd938d004059189ed3d7fa9
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
firefox-debuginfo-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 646af5f9772f5cefdd6911ebfb106ae7
SHA-256: 4f52d7b8135728ed28e40ed22ab65085fd6488cbc2bdf08215e010b30c67c222
 
Red Hat Enterprise Linux HPC Node (v. 6)

SRPMS:
firefox-24.3.0-2.el6_5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: bc62b10f108b374067408fcad518dfc2
SHA-256: 569eb7b7a7f3fc75a85b3f016754d4507e0b264ed32a8901c810134b9053c6b8
 
x86_64:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: ee77224cca716002f914ce2a196f1ba3
SHA-256: ffbbb54049f4851851df0fdf1934ad882462446ddfd938d004059189ed3d7fa9
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
firefox-debuginfo-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 646af5f9772f5cefdd6911ebfb106ae7
SHA-256: 4f52d7b8135728ed28e40ed22ab65085fd6488cbc2bdf08215e010b30c67c222
 
Red Hat Enterprise Linux Server (v. 6)

SRPMS:
firefox-24.3.0-2.el6_5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: bc62b10f108b374067408fcad518dfc2
SHA-256: 569eb7b7a7f3fc75a85b3f016754d4507e0b264ed32a8901c810134b9053c6b8
 
IA-32:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
 
PPC:
firefox-24.3.0-2.el6_5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: e7c292de46314aa1924a1814865d5c72
SHA-256: 3866af5924d301bfae2d65f8fda0e5108c98b66da50c43cdf8156a0d97bbb774
firefox-24.3.0-2.el6_5.ppc64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 297af551ba06b51ab13ce7131ccd157d
SHA-256: 083003152de25453225267f7402ff2f708b3468efd8f712b17e5aa6d84f6f7f9
firefox-debuginfo-24.3.0-2.el6_5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: cf1c8d48cf64ecff46b734862806e283
SHA-256: 217e8e5df74f23412455b7b7667aa9bb3df42e2819dbde4dc56c316fae58d8fc
firefox-debuginfo-24.3.0-2.el6_5.ppc64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 792f1f974fb310c035cc9e658f5394e4
SHA-256: c4067bab9d066b26b1cd3efd81e3f7876098a61e28c27d1e0f7ad8dea8d81a6d
 
s390x:
firefox-24.3.0-2.el6_5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: 618ed483c80fb8e50ed9e7016c5d4fcb
SHA-256: 1a48a469440c898ceba61eb678b066f6b7275224850b1871cd51d3a414a08032
firefox-24.3.0-2.el6_5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 3cad06c3c5cbd651c192d1f30ebe3dab
SHA-256: b1062226137c4be141c11a15e6e9366e69fe8f53b5de035e3491818061a90c18
firefox-debuginfo-24.3.0-2.el6_5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: d360a1e0dca01fc5087808bd0ae39a86
SHA-256: 2e2c034ba55ccc378f1d64baf58553a1759f7d6786e8cee032729d26ba38977e
firefox-debuginfo-24.3.0-2.el6_5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 4ab279d1c58048e692459de29e1cc399
SHA-256: a2ec556fa84c3784743b51e6c03f1308a7a766284da7d5008d4a65465ba0431d
 
x86_64:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: ee77224cca716002f914ce2a196f1ba3
SHA-256: ffbbb54049f4851851df0fdf1934ad882462446ddfd938d004059189ed3d7fa9
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
firefox-debuginfo-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 646af5f9772f5cefdd6911ebfb106ae7
SHA-256: 4f52d7b8135728ed28e40ed22ab65085fd6488cbc2bdf08215e010b30c67c222
 
Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
firefox-24.3.0-2.el6_5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: bc62b10f108b374067408fcad518dfc2
SHA-256: 569eb7b7a7f3fc75a85b3f016754d4507e0b264ed32a8901c810134b9053c6b8
 
x86_64:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: ee77224cca716002f914ce2a196f1ba3
SHA-256: ffbbb54049f4851851df0fdf1934ad882462446ddfd938d004059189ed3d7fa9
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
firefox-debuginfo-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 646af5f9772f5cefdd6911ebfb106ae7
SHA-256: 4f52d7b8135728ed28e40ed22ab65085fd6488cbc2bdf08215e010b30c67c222
 
Red Hat Enterprise Linux Server EUS (v. 6.5.z)

SRPMS:
firefox-24.3.0-2.el6_5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: bc62b10f108b374067408fcad518dfc2
SHA-256: 569eb7b7a7f3fc75a85b3f016754d4507e0b264ed32a8901c810134b9053c6b8
 
IA-32:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
 
PPC:
firefox-24.3.0-2.el6_5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: e7c292de46314aa1924a1814865d5c72
SHA-256: 3866af5924d301bfae2d65f8fda0e5108c98b66da50c43cdf8156a0d97bbb774
firefox-24.3.0-2.el6_5.ppc64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 297af551ba06b51ab13ce7131ccd157d
SHA-256: 083003152de25453225267f7402ff2f708b3468efd8f712b17e5aa6d84f6f7f9
firefox-debuginfo-24.3.0-2.el6_5.ppc.rpm
File outdated by:  RHSA-2014:0310
    MD5: cf1c8d48cf64ecff46b734862806e283
SHA-256: 217e8e5df74f23412455b7b7667aa9bb3df42e2819dbde4dc56c316fae58d8fc
firefox-debuginfo-24.3.0-2.el6_5.ppc64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 792f1f974fb310c035cc9e658f5394e4
SHA-256: c4067bab9d066b26b1cd3efd81e3f7876098a61e28c27d1e0f7ad8dea8d81a6d
 
s390x:
firefox-24.3.0-2.el6_5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: 618ed483c80fb8e50ed9e7016c5d4fcb
SHA-256: 1a48a469440c898ceba61eb678b066f6b7275224850b1871cd51d3a414a08032
firefox-24.3.0-2.el6_5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 3cad06c3c5cbd651c192d1f30ebe3dab
SHA-256: b1062226137c4be141c11a15e6e9366e69fe8f53b5de035e3491818061a90c18
firefox-debuginfo-24.3.0-2.el6_5.s390.rpm
File outdated by:  RHSA-2014:0310
    MD5: d360a1e0dca01fc5087808bd0ae39a86
SHA-256: 2e2c034ba55ccc378f1d64baf58553a1759f7d6786e8cee032729d26ba38977e
firefox-debuginfo-24.3.0-2.el6_5.s390x.rpm
File outdated by:  RHSA-2014:0310
    MD5: 4ab279d1c58048e692459de29e1cc399
SHA-256: a2ec556fa84c3784743b51e6c03f1308a7a766284da7d5008d4a65465ba0431d
 
x86_64:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: ee77224cca716002f914ce2a196f1ba3
SHA-256: ffbbb54049f4851851df0fdf1934ad882462446ddfd938d004059189ed3d7fa9
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
firefox-debuginfo-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 646af5f9772f5cefdd6911ebfb106ae7
SHA-256: 4f52d7b8135728ed28e40ed22ab65085fd6488cbc2bdf08215e010b30c67c222
 
Red Hat Enterprise Linux Workstation (v. 6)

SRPMS:
firefox-24.3.0-2.el6_5.src.rpm
File outdated by:  RHSA-2014:0310
    MD5: bc62b10f108b374067408fcad518dfc2
SHA-256: 569eb7b7a7f3fc75a85b3f016754d4507e0b264ed32a8901c810134b9053c6b8
 
IA-32:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
 
x86_64:
firefox-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 350526657a1287d566054eb394e6bb17
SHA-256: f57b2eb320a99868192e2d634cd72d6dac106bf5d72080a2f63eaaa579784e3f
firefox-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: ee77224cca716002f914ce2a196f1ba3
SHA-256: ffbbb54049f4851851df0fdf1934ad882462446ddfd938d004059189ed3d7fa9
firefox-debuginfo-24.3.0-2.el6_5.i686.rpm
File outdated by:  RHSA-2014:0310
    MD5: 29f8b0a2e4e7ef90408ad1d2366b593f
SHA-256: 6989d1cce19b7dc5482582f4f90d6c23f86b7ffbbb6d446306f02e881068b763
firefox-debuginfo-24.3.0-2.el6_5.x86_64.rpm
File outdated by:  RHSA-2014:0310
    MD5: 646af5f9772f5cefdd6911ebfb106ae7
SHA-256: 4f52d7b8135728ed28e40ed22ab65085fd6488cbc2bdf08215e010b30c67c222
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1060938 - CVE-2014-1477 Mozilla: Miscellaneous memory safety hazards (rv:24.3) (MFSA 2014-01)
1060940 - CVE-2014-1479 Mozilla: Clone protected content with XBL scopes (MFSA 2014-02)
1060942 - CVE-2014-1482 Mozilla: Incorrect use of discarded images by RasterImage (MFSA 2014-04)
1060945 - CVE-2014-1486 Mozilla: Use-after-free with imgRequestProxy and image proccessing (MFSA 2014-08)
1060947 - CVE-2014-1487 Mozilla: Cross-origin information leak through web workers (MFSA 2014-09)
1060952 - CVE-2014-1481 Mozilla: Inconsistent JavaScript handling of access to Window objects (MFSA 2014-13)


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/