Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64
Medium Nessus Plugin ID 79712
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionSeveral flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-1587, CVE-2014-1590, CVE-2014-1592, CVE-2014-1593)
A flaw was found in the Alarm API, which could allow applications to schedule actions to be run in the future. A malicious web application could use this flaw to bypass the same-origin policy. (CVE-2014-1594)
This update disables SSL 3.0 support by default in Firefox. Details on how to re-enable SSL 3.0 support are available at :
After installing the update, Firefox must be restarted for the changes to take effect.
SolutionUpdate the affected firefox and / or firefox-debuginfo packages.