Описание
Security update for MozillaFirefox
MozillaFirefox was updated to version 31.5.0 ESR to fix five security issues.
These security issues were fixed:
- CVE-2015-0836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.5 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597).
- CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5 allowed remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic (bnc#917597).
- CVE-2015-0835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597).
- CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation (bnc#917597).
- CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 31.5 allowed remote attackers to read arbitrary files via crafted JavaScript code (bnc#917597).
Список пакетов
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Software Development Kit 12
Ссылки
- Link for SUSE-SU-2015:0412-1
- E-Mail link for SUSE-SU-2015:0412-1
- SUSE Security Ratings
- SUSE Bug 917597
- SUSE CVE CVE-2015-0822 page
- SUSE CVE CVE-2015-0827 page
- SUSE CVE CVE-2015-0831 page
- SUSE CVE CVE-2015-0835 page
- SUSE CVE CVE-2015-0836 page
Описание
The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.
Затронутые продукты
Ссылки
- CVE-2015-0822
- SUSE Bug 910669
- SUSE Bug 917597
- SUSE Bug 923534
- SUSE Bug 924515
Описание
Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic.
Затронутые продукты
Ссылки
- CVE-2015-0827
- SUSE Bug 910669
- SUSE Bug 917597
- SUSE Bug 923534
- SUSE Bug 924515
Описание
Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation.
Затронутые продукты
Ссылки
- CVE-2015-0831
- SUSE Bug 910669
- SUSE Bug 917597
- SUSE Bug 923534
- SUSE Bug 924515
Описание
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-0835
- SUSE Bug 910669
- SUSE Bug 917597
- SUSE Bug 924515
Описание
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-0836
- SUSE Bug 910669
- SUSE Bug 917597
- SUSE Bug 923534
- SUSE Bug 924515