Vulnerabilities affecting this package (0)
| Vulnerability |
Summary |
Fixed by |
|
This package is not known to be affected by vulnerabilities.
|
Vulnerabilities fixed by this package (6)
| Vulnerability |
Summary |
Aliases |
|
VCID-4vhr-24e3-d3d2
|
security update
|
CVE-2014-1593
|
|
VCID-5xuq-n3bu-1bbb
|
Security researcher Kent Howard reported an Apple issue
present in OS X 10.10 (Yosemite) where log files are created by the
CoreGraphics framework of OS X in the /tmp local
directory. These log files contain a record of all inputs into Mozilla programs
during their operation. In versions of OS X from versions 10.6 through 10.9, the
CoreGraphics had this logging ability but it was turned off by
default. In OS X 10.10, this logging was turned on by default for some
applications that use a custom memory allocator, such as jemalloc,
because of an initialization bug in the framework. This issue has been addressed
in Mozilla products by explicitly turning off the framework's logging of input
events. On vulnerable systems, this issue can result in private data such as
usernames, passwords, and other inputted data being saved to a log file on the
local system.
This issue does not affect OS X users prior to 10.10. Users on
OS X 10.10 should go to their /tmp folder and delete any files with
names beginning with "CGLog_" followed by the name of a Mozilla product, such as
"CGLog_firefox".
|
CVE-2014-1595
|
|
VCID-63hm-xmht-g3cp
|
security update
|
CVE-2014-1592
|
|
VCID-8s1b-yh8y-cbdk
|
security update
|
CVE-2014-1587
|
|
VCID-e1ef-b4f7-7yd8
|
security update
|
CVE-2014-1594
|
|
VCID-vhpz-366r-hbg1
|
security update
|
CVE-2014-1590
|