SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2015:2081-1
Rating: important
References: #908275 #940806 #943557 #943558 #943608 #947003
#952810
Cross-References: CVE-2015-4473 CVE-2015-4474 CVE-2015-4475
CVE-2015-4478 CVE-2015-4479 CVE-2015-4484
CVE-2015-4485 CVE-2015-4486 CVE-2015-4487
CVE-2015-4488 CVE-2015-4489 CVE-2015-4491
CVE-2015-4492 CVE-2015-4497 CVE-2015-4498
CVE-2015-4500 CVE-2015-4501 CVE-2015-4506
CVE-2015-4509 CVE-2015-4511 CVE-2015-4513
CVE-2015-4517 CVE-2015-4519 CVE-2015-4520
CVE-2015-4521 CVE-2015-4522 CVE-2015-7174
CVE-2015-7175 CVE-2015-7176 CVE-2015-7177
CVE-2015-7180 CVE-2015-7181 CVE-2015-7182
CVE-2015-7183 CVE-2015-7188 CVE-2015-7189
CVE-2015-7193 CVE-2015-7194 CVE-2015-7196
CVE-2015-7197 CVE-2015-7198 CVE-2015-7199
CVE-2015-7200
Affected Products:
SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________
An update that fixes 43 vulnerabilities is now available.
It includes three new package versions.
Description:
MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple
security issues.
* MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards
(rv:42.0 / rv:38.4)
* MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address
hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 Buffer overflow during image
interactions in canvas
* MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when
non-standard Content-Type headers are received
* MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip
files
* MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with
Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass
through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR
memory corruption issues
It also includes fixes from 38.3.0ESR:
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety
hazards (rv:41.0 / rv:38.3)
* MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing
vp9 format video
* MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML
media content
* MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes
final URL after redirects
* MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight
request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
CVE-2015-7180 Vulnerabilities found through code inspection
It also includes fixes from the Firefox 38.2.1ESR release:
* MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing
canvas element during restyling
* MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass
through data URLs
It also includes fixes from the Firefox 38.2.0ESR release:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety
hazards (rv:40.0 / rv:38.2)
* MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file
* MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable
JavaScript object properties
* MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright
* MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in
JavaScript
* MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling
bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx
when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection
* MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with
shared workers
Security Issues:
* CVE-2015-4473
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473>
* CVE-2015-4474
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474>
* CVE-2015-4475
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475>
* CVE-2015-4478
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478>
* CVE-2015-4479
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479>
* CVE-2015-4484
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484>
* CVE-2015-4485
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485>
* CVE-2015-4486
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486>
* CVE-2015-4487
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487>
* CVE-2015-4488
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488>
* CVE-2015-4489
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489>
* CVE-2015-4491
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491>
* CVE-2015-4492
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492>
* CVE-2015-4497
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497>
* CVE-2015-4498
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498>
* CVE-2015-4500
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500>
* CVE-2015-4501
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501>
* CVE-2015-4506
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506>
* CVE-2015-4509
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509>
* CVE-2015-4511
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511>
* CVE-2015-4513
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513>
* CVE-2015-4517
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517>
* CVE-2015-4519
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519>
* CVE-2015-4520
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520>
* CVE-2015-4521
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521>
* CVE-2015-4522
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522>
* CVE-2015-7174
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174>
* CVE-2015-7175
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175>
* CVE-2015-7176
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176>
* CVE-2015-7177
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177>
* CVE-2015-7180
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180>
* CVE-2015-7181
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181>
* CVE-2015-7182
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182>
* CVE-2015-7183
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183>
* CVE-2015-7188
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188>
* CVE-2015-7189
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189>
* CVE-2015-7193
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193>
* CVE-2015-7194
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194>
* CVE-2015-7196
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196>
* CVE-2015-7197
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197>
* CVE-2015-7198
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198>
* CVE-2015-7199
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199>
* CVE-2015-7200
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200>
Package List:
– SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.19.2.1 and 4.10.10]:
mozilla-nspr-4.10.10-0.5.1
mozilla-nspr-devel-4.10.10-0.5.1
mozilla-nss-3.19.2.1-0.5.1
mozilla-nss-devel-3.19.2.1-0.5.1
mozilla-nss-tools-3.19.2.1-0.5.1
– SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.19.2.1 and 4.10.10]:
mozilla-nspr-32bit-4.10.10-0.5.1
mozilla-nss-32bit-3.19.2.1-0.5.1
– SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x) [New Version: 38]:
MozillaFirefox-38.4.0esr-0.7.1
MozillaFirefox-branding-SLED-38-0.5.3
MozillaFirefox-translations-38.4.0esr-0.7.1
References:
https://www.suse.com/security/cve/CVE-2015-4473.html
https://www.suse.com/security/cve/CVE-2015-4474.html
https://www.suse.com/security/cve/CVE-2015-4475.html
https://www.suse.com/security/cve/CVE-2015-4478.html
https://www.suse.com/security/cve/CVE-2015-4479.html
https://www.suse.com/security/cve/CVE-2015-4484.html
https://www.suse.com/security/cve/CVE-2015-4485.html
https://www.suse.com/security/cve/CVE-2015-4486.html
https://www.suse.com/security/cve/CVE-2015-4487.html
https://www.suse.com/security/cve/CVE-2015-4488.html
https://www.suse.com/security/cve/CVE-2015-4489.html
https://www.suse.com/security/cve/CVE-2015-4491.html
https://www.suse.com/security/cve/CVE-2015-4492.html
https://www.suse.com/security/cve/CVE-2015-4497.html
https://www.suse.com/security/cve/CVE-2015-4498.html
https://www.suse.com/security/cve/CVE-2015-4500.html
https://www.suse.com/security/cve/CVE-2015-4501.html
https://www.suse.com/security/cve/CVE-2015-4506.html
https://www.suse.com/security/cve/CVE-2015-4509.html
https://www.suse.com/security/cve/CVE-2015-4511.html
https://www.suse.com/security/cve/CVE-2015-4513.html
https://www.suse.com/security/cve/CVE-2015-4517.html
https://www.suse.com/security/cve/CVE-2015-4519.html
https://www.suse.com/security/cve/CVE-2015-4520.html
https://www.suse.com/security/cve/CVE-2015-4521.html
https://www.suse.com/security/cve/CVE-2015-4522.html
https://www.suse.com/security/cve/CVE-2015-7174.html
https://www.suse.com/security/cve/CVE-2015-7175.html
https://www.suse.com/security/cve/CVE-2015-7176.html
https://www.suse.com/security/cve/CVE-2015-7177.html
https://www.suse.com/security/cve/CVE-2015-7180.html
https://www.suse.com/security/cve/CVE-2015-7181.html
https://www.suse.com/security/cve/CVE-2015-7182.html
https://www.suse.com/security/cve/CVE-2015-7183.html
https://www.suse.com/security/cve/CVE-2015-7188.html
https://www.suse.com/security/cve/CVE-2015-7189.html
https://www.suse.com/security/cve/CVE-2015-7193.html
https://www.suse.com/security/cve/CVE-2015-7194.html
https://www.suse.com/security/cve/CVE-2015-7196.html
https://www.suse.com/security/cve/CVE-2015-7197.html
https://www.suse.com/security/cve/CVE-2015-7198.html
https://www.suse.com/security/cve/CVE-2015-7199.html
https://www.suse.com/security/cve/CVE-2015-7200.html
https://bugzilla.suse.com/908275
https://bugzilla.suse.com/940806
https://bugzilla.suse.com/943557
https://bugzilla.suse.com/943558
https://bugzilla.suse.com/943608
https://bugzilla.suse.com/947003
https://bugzilla.suse.com/952810
https://download.suse.com/patch/finder/?keywords=bb006e2ed6738badb2b7f4f52e5c1b2a