You are here
Home > Preporuke > Nadogradnja za Mozilla Firefox

Nadogradnja za Mozilla Firefox

openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0077-1
Rating: important
References: #908892 #910669
Cross-References: CVE-2014-8634 CVE-2014-8635 CVE-2014-8636
CVE-2014-8637 CVE-2014-8638 CVE-2014-8639
CVE-2014-8640 CVE-2014-8641 CVE-2014-8642
CVE-2014-8643
Affected Products:
openSUSE 13.1
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

MozillaFirefox was updated to version 35.0 (bnc#910669)

Notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced
authentication of encrypted connections)

Security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety
hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during
bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an
Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy
Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in
Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media
Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder
certificates failure with id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM
objects

– obsolete tracker-miner-firefox < 0.15 because it leads to startup
crashes (bnc#908892)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 13.1:

zypper in -t patch openSUSE-2015-40

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 13.1 (i586 x86_64):

MozillaFirefox-35.0-54.2
MozillaFirefox-branding-upstream-35.0-54.2
MozillaFirefox-buildsymbols-35.0-54.2
MozillaFirefox-debuginfo-35.0-54.2
MozillaFirefox-debugsource-35.0-54.2
MozillaFirefox-devel-35.0-54.2
MozillaFirefox-translations-common-35.0-54.2
MozillaFirefox-translations-other-35.0-54.2

References:

http://support.novell.com/security/cve/CVE-2014-8634.html
http://support.novell.com/security/cve/CVE-2014-8635.html
http://support.novell.com/security/cve/CVE-2014-8636.html
http://support.novell.com/security/cve/CVE-2014-8637.html
http://support.novell.com/security/cve/CVE-2014-8638.html
http://support.novell.com/security/cve/CVE-2014-8639.html
http://support.novell.com/security/cve/CVE-2014-8640.html
http://support.novell.com/security/cve/CVE-2014-8641.html
http://support.novell.com/security/cve/CVE-2014-8642.html
http://support.novell.com/security/cve/CVE-2014-8643.html
https://bugzilla.suse.com/show_bug.cgi?id=908892
https://bugzilla.suse.com/show_bug.cgi?id=910669


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID: openSUSE-SU-2015:0077-2
Rating: important
References: #908892 #910669
Cross-References: CVE-2014-8634 CVE-2014-8635 CVE-2014-8636
CVE-2014-8637 CVE-2014-8638 CVE-2014-8639
CVE-2014-8640 CVE-2014-8641 CVE-2014-8642
CVE-2014-8643
Affected Products:
openSUSE 13.2
______________________________________________________________________________

An update that fixes 10 vulnerabilities is now available.

Description:

MozillaFirefox was updated to version 35.0 (bnc#910669)

Notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced
authentication of encrypted connections)

Security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety
hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during
bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an
Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy
Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in
Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media
Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder
certificates failure with id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM
objects

– obsolete tracker-miner-firefox < 0.15 because it leads to startup
crashes (bnc#908892)

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

– openSUSE 13.2:

zypper in -t patch openSUSE-2015-40

To bring your system up-to-date, use “zypper patch”.

Package List:

– openSUSE 13.2 (i586 x86_64):

MozillaFirefox-35.0-9.1
MozillaFirefox-branding-upstream-35.0-9.1
MozillaFirefox-buildsymbols-35.0-9.1
MozillaFirefox-debuginfo-35.0-9.1
MozillaFirefox-debugsource-35.0-9.1
MozillaFirefox-devel-35.0-9.1
MozillaFirefox-translations-common-35.0-9.1
MozillaFirefox-translations-other-35.0-9.1

References:

http://support.novell.com/security/cve/CVE-2014-8634.html
http://support.novell.com/security/cve/CVE-2014-8635.html
http://support.novell.com/security/cve/CVE-2014-8636.html
http://support.novell.com/security/cve/CVE-2014-8637.html
http://support.novell.com/security/cve/CVE-2014-8638.html
http://support.novell.com/security/cve/CVE-2014-8639.html
http://support.novell.com/security/cve/CVE-2014-8640.html
http://support.novell.com/security/cve/CVE-2014-8641.html
http://support.novell.com/security/cve/CVE-2014-8642.html
http://support.novell.com/security/cve/CVE-2014-8643.html
https://bugzilla.suse.com/show_bug.cgi?id=908892
https://bugzilla.suse.com/show_bug.cgi?id=910669


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
7e

Top
More in Preporuke
Ranjivost programskog paketa xdg-utils

Otkrivena je ranjivost u programskom paketu xdg-utils za Debian uzrokovana neprovjeravanjem unesenih parametara prema xdg-open. Potencijalni zlonamjerni korisnik ranjivost može...

Close