Security Alert (A15-09-04): Multiple Vulnerabilities in Firefox

Description:

Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by memory safety bugs in the browser engine, buffer overflow or use-after-free error. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerabilities.

Affected Systems:

• Firefox prior to version 41
• Firefox ESR 38.x prior to version 38.3
  (Firefox ESR 31.x could also be affected but it has reached end-of-support)

Impact:

Depending on the vulnerability exploited, a successful attack could lead to application crash or arbitrary code execution on an affected system.

Recommendation:

Mozilla has released new versions of the products to address the issues and they can be downloaded at the following URLs:

• Firefox 41 for Windows, Macintosh and Linux
  http://www.mozilla.org/en-US/firefox/all.html
  
  
• Firefox ESR 38.3 for Windows, Macintosh and Linux
  http://www.mozilla.org/en-US/firefox/organizations/all/
  
  

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/ (to mfsa2015-114)
https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal
https://www.hkcert.org/my_url/en/alert/15092301
https://www.us-cert.gov/ncas/current-activity/2015/09/22/Mozilla-Releases-Security-Updates-Firefox
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500 (to CVE-2015-4512)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4516 (to CVE-2015-4517)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519 (to CVE-2015-4522)
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174 (to CVE-2015-7180)