SUSE-SU-2015:0978-1

Published: 19 May 2015
Source: suse-cvrf

Description

Security update for MozillaFirefox

This update to Firefox 31.7.0 ESR fixes the following issues:

* MFSA 2015-46 (CVE-2015-2708, CVE-2015-2709): Miscellaneous memory safety hazards (rv:38.0 / rv:31.7). Upstream references: bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474.
* MFSA 2015-47 (CVE-2015-0797): Buffer overflow parsing H.264 video with Linux Gstreamer. Upstream references: bmo#1080995.
* MFSA 2015-48 (CVE-2015-2710): Buffer overflow with SVG content and CSS. Upstream references: bmo#1149542.
* MFSA 2015-51 (CVE-2015-2713): Use-after-free during text processing with vertical text enabled. Upstream references: bmo#1153478.
* MFSA 2015-54 (CVE-2015-2716): Buffer overflow when parsing compressed XML. Upstream references: bmo#1140537.

Security Issues:

* CVE-2015-0797 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797>
* CVE-2015-2708 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708>
* CVE-2015-2709 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709>
* CVE-2015-2710 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710>
* CVE-2015-2713 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713>
* CVE-2015-2716 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716>

Package list

SUSE Linux Enterprise Desktop 11 SP3
MozillaFirefox-31.7.0esr-0.8.1
MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3
MozillaFirefox-31.7.0esr-0.8.1
MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA
MozillaFirefox-31.7.0esr-0.8.1
MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server for SAP Applications 11 SP3
MozillaFirefox-31.7.0esr-0.8.1
MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Software Development Kit 11 SP3
MozillaFirefox-devel-31.7.0esr-0.8.1

Description

GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-31.7.0esr-0.8.1

References

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-31.7.0esr-0.8.1

References

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-31.7.0esr-0.8.1

References

Description

Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-31.7.0esr-0.8.1

References

Description

Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-31.7.0esr-0.8.1

References

Description

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.


Affected products
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-31.7.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-31.7.0esr-0.8.1

References
Vulnerability SUSE-SU-2015:0978-1