Mozilla Firefox vulnerabilities (CVE-2015-4497 and CVE-2015-4498)

Updated -

Red Hat Product Security has been made aware of two security vulnerabilities in the Mozilla Firefox web browser:

  • The first flaw is Important and could be used to bypass the add-on install permission dialog box and possibly result in a malicious add-on to be installed. This flaw has been assigned CVE-2015-4498.
  • A Critical security flaw has also been found in the canvas rendering used by Firefox, and it has been assigned CVE-2015-4497.

Red Hat would like to thank the Mozilla project for reporting these issues.

Background Information

Add-on permissions - CVE-2015-4498

Firefox normally warns the user when trying to install an add-on if this was initiated by a web page.

However, a security flaw was found in the way this dialog was rendered, and therefore a crafted HTML page could bypass this dialog. Such a page could manipulate the user into falsely believing a trusted site (such as addons.mozilla.org) initiated the installation. This could lead to users installing add-ons from a malicious source.

Use-after-free in Canvas rendering - CVE-2015-4497

A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. This flaw is described in the Mozilla upstream advisory at https://www.mozilla.org/security/announce/2015/mfsa2015-94.html.

Impact

No public exploit for these flaws exists. All Red Hat products that use the Mozilla Firefox browser are affected by these issues.

Security Advisory

See the security advisory below that fixes this issue:

Product Advisory
Red Hat Enterprise Linux 5 RHSA-2015:1693
Red Hat Enterprise Linux 6 RHSA-2015:1693
Red Hat Enterprise Linux 7 RHSA-2015:1693

Resolution

To eliminate the possibility of exploitation, install the updated Firefox packages that have been made available through the advisory listed in the above table and then restart the application.

To install the updates, use the yum package manager as follows:

yum update

To only update the firefox package and its dependencies, use:

yum update firefox

Mitigation

No mitigations currently exist for these security flaws. Note that SELinux does not mitigate these issues. See Why doesn't SELinux confine desktop applications for details.

References

Was this helpful?

We appreciate your feedback. Leave a comment if you would like to provide more detail.
It looks like we have some work to do. Leave a comment to let us know how we could improve.