Red Hat Addresses Critical Firefox Vulnerability
On April 26th, 2016, Red Hat 5, 6, and 7, along with the community-supported counterpart CentOS, received a major new Firefox upgrade that addresses a number of Critical vulnerabilities in the Extended Support Release (ESR) version of Mozilla's browser software. The version number jumps to 45 from the current 38. According to the Security Advisory, Mozilla reported the following about the Firefox version available for Enterprise Linux distributions (i.e. 38.8): "A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-2805, CVE-2016-2806, CVE-2016-2807, CVE-2016-2808, CVE-2016-2814)" Upstream, Mozilla's Security Advisories page for the Extended Support Release (ESR) of Firefox tracks this issue and has some relevant links for the different vulnerabilities addressed by this major update.

firefox-45.1.0-1.el7_2.src.rpm Buffer Overflow in libs