VDB

GCVE-110-MAGEIA-2015-115

GCVE-110-MAGEIA-2015-115
Advisory Published
Vulnetix · Advisory published March 23, 2015
A flaw was discovered in the implementation of typed array bounds checking in the Javascript just-in-time compilation. If a user were tricked in to opening a specially crafted website, an attacked could exploit this to execute arbitrary code with the privileges of the user invoking Firefox (CVE-2015-0817). Mariusz Mlynski discovered a flaw in the processing of SVG format content navigation. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to run arbitrary script in a privileged context (CVE-2015-0818). The firefox package has been updated to version 31.5.3 to fix these issues. Also, the nss package has been updated to version 3.18, which enables TLS and DTLS 1.2, increases the default RSA key size created by certutil to 2048 bits, and has some CA root certificate updates.

Affected Products

VendorProductVersionsPlatforms
Mageiarootcerts0 (affected), 20150226.00-1.mga4 (unaffected), 0 (affected), 20150226.00-1.mga4 (unaffected)
Mageiagftp0 (affected), 2.0.19-13.1.mga5 (unaffected)
Mageiafirefox-l10n0 (affected), 31.5.3-1.mga4 (unaffected), 0 (affected), 31.5.3-1.mga4 (unaffected)
Mageiafirefox0 (affected), 31.5.3-1.mga4 (unaffected), 0 (affected), 31.5.3-1.mga4 (unaffected)
Mageianss0 (affected), 3.18.0-1.mga4 (unaffected), 3.18.0-1.mga4 (unaffected), 0 (affected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›