openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:1658-1
Rating:             important
References:         #947003 
Cross-References:   CVE-2015-4476 CVE-2015-4500 CVE-2015-4501
                    CVE-2015-4502 CVE-2015-4503 CVE-2015-4504
                    CVE-2015-4505 CVE-2015-4506 CVE-2015-4507
                    CVE-2015-4508 CVE-2015-4509 CVE-2015-4510
                    CVE-2015-4511 CVE-2015-4512 CVE-2015-4516
                    CVE-2015-4517 CVE-2015-4519 CVE-2015-4520
                    CVE-2015-4521 CVE-2015-4522 CVE-2015-7174
                    CVE-2015-7175 CVE-2015-7176 CVE-2015-7177
                    CVE-2015-7178 CVE-2015-7179 CVE-2015-7180
                   
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes 27 vulnerabilities is now available.

Description:

   MozillaFirefox was updated to Firefox 41.0 (bnc#947003)

   Security issues fixed:

   * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety
     hazards
   * MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to
     servers
   * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS
     library with ICC V4 profile attributes
   * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute
     spoofing on Android by pasting URL with unknown scheme
   * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file
     manipulation by local user through Mozilla updater
   * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx
     while parsing vp9 format video
   * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with
     SavedStacks in JavaScript
   * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode
   * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared
     workers and IndexedDB
   * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding
     WebM video
   * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while
     manipulating HTML media content
   * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D
     canvas display on Linux 16-bit color depth systems
   * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access
     inner window
   * MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property
     enforcement can be bypassed
   * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images
     exposes final URL after redirects
   * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the
     handling of CORS preflight request headers
   * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
     CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/CVE-2015-7180
     Vulnerabilities found through code inspection
   * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526)
     (Windows only) Memory safety errors in libGLES in the ANGLE graphics
     library
   * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information
     disclosure via the High Resolution Time API


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-619=1

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2015-619=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (i586 x86_64):

      MozillaFirefox-41.0-44.1
      MozillaFirefox-branding-upstream-41.0-44.1
      MozillaFirefox-buildsymbols-41.0-44.1
      MozillaFirefox-debuginfo-41.0-44.1
      MozillaFirefox-debugsource-41.0-44.1
      MozillaFirefox-devel-41.0-44.1
      MozillaFirefox-translations-common-41.0-44.1
      MozillaFirefox-translations-other-41.0-44.1

   - openSUSE 13.1 (i586 x86_64):

      MozillaFirefox-41.0-88.1
      MozillaFirefox-branding-upstream-41.0-88.1
      MozillaFirefox-buildsymbols-41.0-88.1
      MozillaFirefox-debuginfo-41.0-88.1
      MozillaFirefox-debugsource-41.0-88.1
      MozillaFirefox-devel-41.0-88.1
      MozillaFirefox-translations-common-41.0-88.1
      MozillaFirefox-translations-other-41.0-88.1


References:

   https://www.suse.com/security/cve/CVE-2015-4476.html
   https://www.suse.com/security/cve/CVE-2015-4500.html
   https://www.suse.com/security/cve/CVE-2015-4501.html
   https://www.suse.com/security/cve/CVE-2015-4502.html
   https://www.suse.com/security/cve/CVE-2015-4503.html
   https://www.suse.com/security/cve/CVE-2015-4504.html
   https://www.suse.com/security/cve/CVE-2015-4505.html
   https://www.suse.com/security/cve/CVE-2015-4506.html
   https://www.suse.com/security/cve/CVE-2015-4507.html
   https://www.suse.com/security/cve/CVE-2015-4508.html
   https://www.suse.com/security/cve/CVE-2015-4509.html
   https://www.suse.com/security/cve/CVE-2015-4510.html
   https://www.suse.com/security/cve/CVE-2015-4511.html
   https://www.suse.com/security/cve/CVE-2015-4512.html
   https://www.suse.com/security/cve/CVE-2015-4516.html
   https://www.suse.com/security/cve/CVE-2015-4517.html
   https://www.suse.com/security/cve/CVE-2015-4519.html
   https://www.suse.com/security/cve/CVE-2015-4520.html
   https://www.suse.com/security/cve/CVE-2015-4521.html
   https://www.suse.com/security/cve/CVE-2015-4522.html
   https://www.suse.com/security/cve/CVE-2015-7174.html
   https://www.suse.com/security/cve/CVE-2015-7175.html
   https://www.suse.com/security/cve/CVE-2015-7176.html
   https://www.suse.com/security/cve/CVE-2015-7177.html
   https://www.suse.com/security/cve/CVE-2015-7178.html
   https://www.suse.com/security/cve/CVE-2015-7179.html
   https://www.suse.com/security/cve/CVE-2015-7180.html
   https://bugzilla.suse.com/947003

-- 

openSUSE: 2015:1658-1: important: MozillaFirefox

October 1, 2015