SUSE Security Update: Security update for Mozilla Firefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2015:2081-1
Rating:             important
References:         #908275 #940806 #943557 #943558 #943608 #947003 
                    #952810 
Cross-References:   CVE-2015-4473 CVE-2015-4474 CVE-2015-4475
                    CVE-2015-4478 CVE-2015-4479 CVE-2015-4484
                    CVE-2015-4485 CVE-2015-4486 CVE-2015-4487
                    CVE-2015-4488 CVE-2015-4489 CVE-2015-4491
                    CVE-2015-4492 CVE-2015-4497 CVE-2015-4498
                    CVE-2015-4500 CVE-2015-4501 CVE-2015-4506
                    CVE-2015-4509 CVE-2015-4511 CVE-2015-4513
                    CVE-2015-4517 CVE-2015-4519 CVE-2015-4520
                    CVE-2015-4521 CVE-2015-4522 CVE-2015-7174
                    CVE-2015-7175 CVE-2015-7176 CVE-2015-7177
                    CVE-2015-7180 CVE-2015-7181 CVE-2015-7182
                    CVE-2015-7183 CVE-2015-7188 CVE-2015-7189
                    CVE-2015-7193 CVE-2015-7194 CVE-2015-7196
                    CVE-2015-7197 CVE-2015-7198 CVE-2015-7199
                    CVE-2015-7200
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4 LTSS
______________________________________________________________________________

   An update that fixes 43 vulnerabilities is now available.
   It includes three new package versions.

Description:


   MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple
   security issues.

       * MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards
         (rv:42.0 / rv:38.4)
       * MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address
         hostnames can bypass same-origin policy
       * MFSA 2015-123/CVE-2015-7189 Buffer overflow during image
         interactions in canvas
       * MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when
         non-standard Content-Type headers are received
       * MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip
         files
       * MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with
         Java applet
       * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
         Vulnerabilities found through code inspection
       * MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass
         through workers
       * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR
         memory corruption issues

   It also includes fixes from 38.3.0ESR:

       * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety
         hazards (rv:41.0 / rv:38.3)
       * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing
         vp9 format video
       * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video
       * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML
         media content
       * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes
         final URL after redirects
       * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight
         request headers
       * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522
         CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177
         CVE-2015-7180 Vulnerabilities found through code inspection

   It also includes fixes from the Firefox 38.2.1ESR release:

       * MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing
         canvas element during restyling
       * MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass
         through data URLs

   It also includes fixes from the Firefox 38.2.0ESR release:

       * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety
         hazards (rv:40.0 / rv:38.2)
       * MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file
       * MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable
         JavaScript object properties
       * MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright
       * MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in
         JavaScript
       * MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling
         bitmap images
       * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx
         when decoding WebM video
       * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
         Vulnerabilities found through code inspection
       * MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with
         shared workers

   Security Issues:

       * CVE-2015-4473
       * CVE-2015-4474
       * CVE-2015-4475
       * CVE-2015-4478
       * CVE-2015-4479
       * CVE-2015-4484
       * CVE-2015-4485
       * CVE-2015-4486
       * CVE-2015-4487
       * CVE-2015-4488
       * CVE-2015-4489
       * CVE-2015-4491
       * CVE-2015-4492
       * CVE-2015-4497
       * CVE-2015-4498
       * CVE-2015-4500
       * CVE-2015-4501
       * CVE-2015-4506
       * CVE-2015-4509
       * CVE-2015-4511
       * CVE-2015-4513
       * CVE-2015-4517
       * CVE-2015-4519
       * CVE-2015-4520
       * CVE-2015-4521
       * CVE-2015-4522
       * CVE-2015-7174
       * CVE-2015-7175
       * CVE-2015-7176
       * CVE-2015-7177
       * CVE-2015-7180
       * CVE-2015-7181
       * CVE-2015-7182
       * CVE-2015-7183
       * CVE-2015-7188
       * CVE-2015-7189
       * CVE-2015-7193
       * CVE-2015-7194
       * CVE-2015-7196
       * CVE-2015-7197
       * CVE-2015-7198
       * CVE-2015-7199
       * CVE-2015-7200

Package List:

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64) [New Version: 3.19.2.1 and 4.10.10]:

      mozilla-nspr-4.10.10-0.5.1
      mozilla-nspr-devel-4.10.10-0.5.1
      mozilla-nss-3.19.2.1-0.5.1
      mozilla-nss-devel-3.19.2.1-0.5.1
      mozilla-nss-tools-3.19.2.1-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64) [New Version: 3.19.2.1 and 4.10.10]:

      mozilla-nspr-32bit-4.10.10-0.5.1
      mozilla-nss-32bit-3.19.2.1-0.5.1

   - SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x) [New Version: 38]:

      MozillaFirefox-38.4.0esr-0.7.1
      MozillaFirefox-branding-SLED-38-0.5.3
      MozillaFirefox-translations-38.4.0esr-0.7.1


References:

   https://www.suse.com/security/cve/CVE-2015-4473.html
   https://www.suse.com/security/cve/CVE-2015-4474.html
   https://www.suse.com/security/cve/CVE-2015-4475.html
   https://www.suse.com/security/cve/CVE-2015-4478.html
   https://www.suse.com/security/cve/CVE-2015-4479.html
   https://www.suse.com/security/cve/CVE-2015-4484.html
   https://www.suse.com/security/cve/CVE-2015-4485.html
   https://www.suse.com/security/cve/CVE-2015-4486.html
   https://www.suse.com/security/cve/CVE-2015-4487.html
   https://www.suse.com/security/cve/CVE-2015-4488.html
   https://www.suse.com/security/cve/CVE-2015-4489.html
   https://www.suse.com/security/cve/CVE-2015-4491.html
   https://www.suse.com/security/cve/CVE-2015-4492.html
   https://www.suse.com/security/cve/CVE-2015-4497.html
   https://www.suse.com/security/cve/CVE-2015-4498.html
   https://www.suse.com/security/cve/CVE-2015-4500.html
   https://www.suse.com/security/cve/CVE-2015-4501.html
   https://www.suse.com/security/cve/CVE-2015-4506.html
   https://www.suse.com/security/cve/CVE-2015-4509.html
   https://www.suse.com/security/cve/CVE-2015-4511.html
   https://www.suse.com/security/cve/CVE-2015-4513.html
   https://www.suse.com/security/cve/CVE-2015-4517.html
   https://www.suse.com/security/cve/CVE-2015-4519.html
   https://www.suse.com/security/cve/CVE-2015-4520.html
   https://www.suse.com/security/cve/CVE-2015-4521.html
   https://www.suse.com/security/cve/CVE-2015-4522.html
   https://www.suse.com/security/cve/CVE-2015-7174.html
   https://www.suse.com/security/cve/CVE-2015-7175.html
   https://www.suse.com/security/cve/CVE-2015-7176.html
   https://www.suse.com/security/cve/CVE-2015-7177.html
   https://www.suse.com/security/cve/CVE-2015-7180.html
   https://www.suse.com/security/cve/CVE-2015-7181.html
   https://www.suse.com/security/cve/CVE-2015-7182.html
   https://www.suse.com/security/cve/CVE-2015-7183.html
   https://www.suse.com/security/cve/CVE-2015-7188.html
   https://www.suse.com/security/cve/CVE-2015-7189.html
   https://www.suse.com/security/cve/CVE-2015-7193.html
   https://www.suse.com/security/cve/CVE-2015-7194.html
   https://www.suse.com/security/cve/CVE-2015-7196.html
   https://www.suse.com/security/cve/CVE-2015-7197.html
   https://www.suse.com/security/cve/CVE-2015-7198.html
   https://www.suse.com/security/cve/CVE-2015-7199.html
   https://www.suse.com/security/cve/CVE-2015-7200.html
   https://bugzilla.suse.com/908275
   https://bugzilla.suse.com/940806
   https://bugzilla.suse.com/943557
   https://bugzilla.suse.com/943558
   https://bugzilla.suse.com/943608
   https://bugzilla.suse.com/947003
   https://bugzilla.suse.com/952810
   https://scc.suse.com:443/patches/

SuSE: 2015:2081-1: important: Mozilla Firefox

November 23, 2015