Описание
Security update for MozillaFirefox
MozillaFirefox was updated to version 38.5.0 esr to fix the following issues:
Following security issues were fixed:
- MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
- MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed
- MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures
- MFSA 2015-145/CVE-2015-7205 Underflow through code inspection
- MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions
- MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Server 11 SP3
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP3
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2015:2334-1
- E-Mail link for SUSE-SU-2015:2334-1
- SUSE Security Ratings
- SUSE Bug 959277
- SUSE CVE CVE-2015-7201 page
- SUSE CVE CVE-2015-7202 page
- SUSE CVE CVE-2015-7205 page
- SUSE CVE CVE-2015-7210 page
- SUSE CVE CVE-2015-7212 page
- SUSE CVE CVE-2015-7213 page
- SUSE CVE CVE-2015-7214 page
- SUSE CVE CVE-2015-7222 page
Описание
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-7201
- SUSE Bug 959277
Описание
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-7202
- SUSE Bug 959277
Описание
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.
Затронутые продукты
Ссылки
- CVE-2015-7205
- SUSE Bug 959277
Описание
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.
Затронутые продукты
Ссылки
- CVE-2015-7210
- SUSE Bug 959277
Описание
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
Затронутые продукты
Ссылки
- CVE-2015-7212
- SUSE Bug 959277
Описание
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-7213
- SUSE Bug 959277
Описание
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
Затронутые продукты
Ссылки
- CVE-2015-7214
- SUSE Bug 959277
Описание
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-7222
- SUSE Bug 959277