Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » LM15-0003


Id LM15-0003
Name Mozilla Firefox 35.0 for Mac OS X (See Notes)
Vendor Name mozilla
Product Mozilla FireFox
Content Type Critical Critical
Operating System(s) OSX 
Released On 13 Jan 2015 12:00:00


Mozilla Firefox 35.0 for Mac OS X (See Notes)

Vendor Name



Mozilla FireFox

Released On

13 Jan 2015 12:00:00



Mozilla Firefox is a web browser provided by the Mozilla Corporation with a rapid release cycle.

Firefox 35.0 addresses the following security issues:

  • MSFA-2015-09 XrayWrapper bypass through DOM objects
  • MSFA-2015-08 Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension
  • MSFA-2015-07 Gecko Media Plugin sandbox escape
  • MSFA-2015-06 Read-after-free in WebRTC
  • MSFA-2015-05 Read of uninitialized memory in Web Audio
  • MSFA-2015-04 Cookie injection through Proxy Authenticate responses
  • MSFA-2015-03 sendBeacon requests lack an Origin header
  • MSFA-2015-02 Uninitialized memory use during bitmap rendering
  • MSFA-2015-01 Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)

  • Notes:
  • By default, deployment will automatically update in the Applications folder.
  • Deployment while Firefox is running will not update the current browser session. The user may re-launch Firefox in order to complete the update.
  • Use the download only option to deploy the installer to the agent's temporary directory (by default, "/tmp/{Agent GUID}"). An administrator may then manually install the update.
  • The detection logic only detects Firefox installations in the current system volume. Multiple installations of Firefox may cause unexpected detection results.
  • Related Resources

    Related Vulnerabilities

    CVE-2014-8634   CVE-2014-8635   CVE-2014-8636   CVE-2014-8637   CVE-2014-8638   CVE-2014-8639   CVE-2014-8640   CVE-2014-8641   CVE-2014-8642   CVE-2014-8643  

    Related Patches


    Superseded Patches

    Last Updated: 27 May 2016 11:20:31