Red Hat Product Security has been made aware of two security vulnerabilities in the Mozilla Firefox web browser:
- The first flaw is rated Important and could be used to bypass the add-on install permission dialog box, possibly resulting in a malicious add-on being installed. This flaw has been assigned CVE-2015-4498.
- A Critical security flaw has also been found in the canvas rendering used by Firefox, and it has been assigned CVE-2015-4497.
Red Hat would like to thank the Mozilla project for reporting these issues.
Add-on permissions - CVE-2015-4498
Firefox normally warns the user when trying to install an add-on if this was initiated by a web page.
However, a security flaw was found in the way this dialog was rendered, and therefore a crafted HTML page could bypass this dialog. Such a page could manipulate the user into falsely believing a trusted site (such as addons.mozilla.org) initiated the installation. This could lead to users installing add-ons from a malicious source.
Use-after-free in Canvas rendering - CVE-2015-4497
A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. This flaw is described in the Mozilla upstream advisory at https://www.mozilla.org/security/announce/2015/mfsa2015-94.html.
No public exploit for these flaws exists. All Red Hat products that use the Mozilla Firefox browser are affected by these issues.
See the security advisory below that fixes these issues:
|Product|Advisory|
|---|---|
|Red Hat Enterprise Linux 5|RHSA-2015:1693|
|Red Hat Enterprise Linux 6|RHSA-2015:1693|
|Red Hat Enterprise Linux 7|RHSA-2015:1693|
To eliminate the possibility of exploitation, install the updated Firefox packages that have been made available through the advisory listed in the above table and then restart the application.
To install the updates, use the yum package manager as follows:
To only update the firefox package and its dependencies, use:
yum update firefox
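A post-update check for the steps above, added here as an example and not part of the Red Hat advisory: it reports whether RHSA-2015:1693 is still listed as pending and whether any Firefox process predates the installed package and so still needs the restart. It assumes a yum with the updateinfo command (provided by yum-plugin-security on Red Hat Enterprise Linux 6), GNU date, and a browser process named firefox; the function names are illustrative.

```shell
#!/bin/sh
# Added example: post-update check for the advisory in the table above.
# Run with --check on the host; the helper functions read stdin so they can
# be exercised with constructed input.
ADVISORY="RHSA-2015:1693"

# Succeeds if `yum updateinfo list` output on stdin still lists ADVISORY,
# meaning the erratum applies to this host and is not installed yet.
advisory_pending() {
    awk -v id="$ADVISORY" '$1 == id { found = 1 } END { exit !found }'
}

# stale_pids INSTALL_EPOCH: reads "PID START_EPOCH" lines on stdin and prints
# the PIDs that started before the package was installed (old code in memory).
stale_pids() {
    awk -v t="$1" '$2 + 0 < t + 0 { print $1 }'
}

# Prints "PID START_EPOCH" for each running process named firefox (assumed name).
firefox_starts() {
    ps -C firefox -o pid=,lstart= | while read -r pid lstart; do
        printf '%s %s\n' "$pid" "$(date -d "$lstart" +%s)"
    done
}

check_host() {
    rpm -q firefox >/dev/null 2>&1 || { echo "firefox is not installed"; return 0; }
    if yum -q updateinfo list 2>/dev/null | advisory_pending; then
        echo "$ADVISORY still pending: run 'yum update firefox'"
        return 1
    fi
    installed=$(rpm -q --qf '%{INSTALLTIME}\n' firefox | sort -n | tail -n 1)
    stale=$(firefox_starts | stale_pids "$installed")
    if [ -n "$stale" ]; then
        echo "Restart Firefox; processes predating the update:" $stale
        return 2
    fi
    echo "$ADVISORY not pending and no stale Firefox process found"
}

if [ "${1:-}" = "--check" ]; then check_host; fi
```

If the yum updateinfo query itself fails (no plugin, no repository metadata), the advisory is reported as not pending, so confirm the command works on the host before trusting a clean result.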
No mitigations currently exist for these security flaws. Note that SELinux does not mitigate these issues. See "Why doesn't SELinux confine desktop applications" for details.