Description
Security update for MozillaFirefox
Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues.
- MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
- MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video
- MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video
- MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content
- MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects
- MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers
- MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/CVE-2015-7180 Vulnerabilities found through code inspection
More details can be found on https://www.mozilla.org/en-US/security/advisories/
Package list
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2015:1703-1
- E-Mail link for SUSE-SU-2015:1703-1
- SUSE Security Ratings
- SUSE Bug 947003
- SUSE CVE CVE-2015-4500 page
- SUSE CVE CVE-2015-4501 page
- SUSE CVE CVE-2015-4506 page
- SUSE CVE CVE-2015-4509 page
- SUSE CVE CVE-2015-4511 page
- SUSE CVE CVE-2015-4517 page
- SUSE CVE CVE-2015-4519 page
- SUSE CVE CVE-2015-4520 page
- SUSE CVE CVE-2015-4521 page
- SUSE CVE CVE-2015-4522 page
- SUSE CVE CVE-2015-7174 page
- SUSE CVE CVE-2015-7175 page
- SUSE CVE CVE-2015-7176 page
- SUSE CVE CVE-2015-7177 page
- SUSE CVE CVE-2015-7180 page
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Affected products
References
- CVE-2015-4500
- SUSE Bug 947003
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Affected products
References
- CVE-2015-4501
- SUSE Bug 947003
Description
Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.
Affected products
References
- CVE-2015-4506
- SUSE Bug 947003
Description
Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176.
Affected products
References
- CVE-2015-4509
- SUSE Bug 947003
Description
Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video.
Affected products
References
- CVE-2015-4511
- SUSE Bug 947003
Description
NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Affected products
References
- CVE-2015-4517
- SUSE Bug 947003
Description
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.
Affected products
References
- CVE-2015-4519
- SUSE Bug 947003
Description
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header.
Affected products
References
- CVE-2015-4520
- SUSE Bug 947003
Description
The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Affected products
References
- CVE-2015-4521
- SUSE Bug 947003
Description
The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
Affected products
References
- CVE-2015-4522
- SUSE Bug 947003
Description
The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
Affected products
References
- CVE-2015-7174
- SUSE Bug 947003
Description
The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
Affected products
References
- CVE-2015-7175
- SUSE Bug 947003
Description
The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.
Affected products
References
- CVE-2015-7176
- SUSE Bug 947003
Description
The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Affected products
References
- CVE-2015-7177
- SUSE Bug 947003
Description
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Affected products
References
- CVE-2015-7180
- SUSE Bug 947003