Debian Linux Security Advisory 3345-1 - Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser.
24e00d0d8a4aa48074979e8bfa8b317c0e56f053929afcf2a9f45eb65eb335e9
Red Hat Security Advisory 2015-1693-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox handled installation of add-ons. An attacker could use this flaw to bypass the add-on installation prompt, and trick the user into installing an add-on from a malicious source.
9b2e9a060e33cc0a2687081a2c395aa46ddf9b9ec1e52e6502df3079ce61d110
Ubuntu Security Notice 2723-1 - A use-after-free was discovered when resizing a canvas element during restyling in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bas Venis discovered that the addon install permission prompt could be bypassed using data: URLs in some circumstances. It was also discovered that the installation notification could be made to appear over another site. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to install a malicious addon. Various other issues were also addressed.
4d49a8932c386a3626af418e26cce00ed96770da2972b0601cb7c78619dbe836