Red Hat Security Advisory 2015-1982-01 – Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A same-origin policy bypass flaw was found in the way Firefox handled certain cross-origin resource sharing requests. A web page containing malicious content could cause Firefox to disclose sensitive information.
Monthly Archives: November 2015
CESA-2015:1982 Critical CentOS 6 firefox SecurityUpdate
CentOS Errata and Security Advisory 2015:1982 Critical. Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1982.html. The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum Filename, listed per architecture and for the source RPM).
CESA-2015:1981 Critical CentOS 6 nspr SecurityUpdate
CentOS Errata and Security Advisory 2015:1981 Critical. Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1981.html. The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum Filename, listed per architecture and for the source RPM).
CESA-2015:1981 Critical CentOS 6 nss SecurityUpdate
CentOS Errata and Security Advisory 2015:1981 Critical. Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1981.html. The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum Filename, listed per architecture and for the source RPM).
CESA-2015:1981 Critical CentOS 6 nss-util Security Update
CentOS Errata and Security Advisory 2015:1981 Critical. Upstream details at: https://rhn.redhat.com/errata/RHSA-2015-1981.html. The following updated files have been uploaded and are currently syncing to the mirrors (sha256sum Filename, listed per architecture and for the source RPM).
New Bill Would Force Cops To Get Stingray Warrants
Google Reveals Samsung Galaxy S6 Edge's Security Flaws
British Surveillance Bill Includes Internet Records Storage
Chinese Mobile Ad Library Backdoored To Spy On iOS
Login Disable – Access Bypass – Moderately Critical – SA-CONTRIB-2015-162
- Advisory ID: DRUPAL-SA-CONTRIB-2015-162
- Project: Login Disable (third-party module)
- Version: 6.x, 7.x
- Date: 2015-November-04
- Security risk: 12/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:Uncommon
- Vulnerability: Access bypass
Description
This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page.
The Login Disable module does not support other contributed user authentication modules such as CAS or URL Login. When it is combined with those modules, the protection that prevents a user from logging in does not apply to logins performed through them.
This vulnerability is mitigated by the fact that an attacker must already have a user account on the site. The bug therefore allows existing users to log in even when the module has been configured to disallow logins.
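The weakness described above is a check that lives only on the ?q=user form path, so any other authentication path skips it. As an added illustration (not the Login Disable project's code), the following hypothetical Drupal 7 module enforces the same secret-key gate in hook_user_login(), which every authentication module passes through; the module name, variable names and the permission name are assumptions, and hash_equals() assumes PHP 5.6 or later.

```php
<?php
/**
 * Implements hook_user_login().
 *
 * Hypothetical enforcement point: runs after ANY module has authenticated
 * the user (core form, CAS, URL Login, ...), so the gate cannot be skipped
 * by choosing a different login path.
 */
function mymodule_user_login(&$edit, $account) {
  // Assumed variable: site-wide switch that disables logins.
  if (!variable_get('mymodule_login_disabled', FALSE)) {
    return;
  }
  // Assumed permission so designated administrators keep access.
  if (user_access('bypass login disable', $account)) {
    return;
  }
  // Assumed variable: the secret appended to the login URL, e.g. ?secret=...
  $secret   = variable_get('mymodule_login_secret', '');
  $supplied = isset($_GET['secret']) ? (string) $_GET['secret'] : '';

  // Fail closed when no secret is configured; compare in constant time.
  if ($secret === '' || !hash_equals($secret, $supplied)) {
    watchdog('mymodule',
      'Login for @name refused: logins are disabled and no valid secret was supplied.',
      array('@name' => $account->name), WATCHDOG_WARNING);

    // Tear down the session that was just established, then deny.
    global $user;
    module_invoke_all('user_logout', $user);
    session_destroy();
    $user = drupal_anonymous_user();
    drupal_access_denied();
    drupal_exit();
  }
}
```

The watchdog entry gives defenders a single place to detect login attempts made while logins are disabled, regardless of which module authenticated the account.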
CVE identifier(s) issued
- A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
- Login Disable 6.x-1.x versions prior to 6.x-1.1.
- Login Disable 7.x-1.x versions prior to 7.x-1.2.
Drupal core is not affected. If you do not use the contributed Login Disable module, there is nothing you need to do.
Solution
Install the latest version:
- If you use the Login Disable module for Drupal 6.x, upgrade to Login Disable 6.x-1.1
- If you use the Login Disable module for Drupal 7.x, upgrade to Login Disable 7.x-1.2
Also see the Login Disable project page.
Reported by
Fixed by
- Bryan Heisler
- Brian Gilbert the module maintainer
Coordinated by
- Greg Knaddison of the Drupal Security Team
Contact and More Information
The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.
Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.
Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity