SUSE Linux 11: 2015:0593-2 Critical: MozillaFirefox Memory Flaw
suse
March 28, 2015
An update that fixes two vulnerabilities is now available
Summary
MozillaFirefox was updated to the 31.5.3ESR release to fix two security vulnerabilities: * MFSA 2015-29 / CVE-2015-0817: Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system. * MFSA 2015-28 / CVE-2015-0818: Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. Security Issues:
References
#923534
Cross- CVE-2015-0817 CVE-2015-0818
Affected Products:
SUSE Linux Enterprise Server 11 SP2 LTSS
SUSE Linux Enterprise Server 11 SP1 LTSS
SUSE Linux Enterprise Server 10 SP4 LTSS
https://www.suse.com/security/cve/CVE-2015-0817.html
https://www.suse.com/security/cve/CVE-2015-0818.html
https://bugzilla.suse.com/show_bug.cgi?id=923534
https://scc.suse.com:443/patches/
https://scc.suse.com:443/patches/
https://scc.suse.com:443/patches/
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2015:0593-2
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!