Описание
Security update for MozillaFirefox
MozillaFirefox was updated to version 38.5.0 ESR to fix the following issues:
- MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
- MFSA 2015-138/CVE-2015-7210 A use-after-free in WebRTC when datachannel is used after being destroyed
- MFSA 2015-139/CVE-2015-7212 An integer overflow allocating extremely large textures
- MFSA 2015-145/CVE-2015-7205 A underflow found through code inspection
- MFSA 2015-146/CVE-2015-7213 A integer overflow in MP4 playback in 64-bit versions
- MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs
Список пакетов
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
Ссылки
- Link for SUSE-SU-2015:2335-1
- E-Mail link for SUSE-SU-2015:2335-1
- SUSE Security Ratings
- SUSE Bug 959277
- SUSE CVE CVE-2015-7201 page
- SUSE CVE CVE-2015-7202 page
- SUSE CVE CVE-2015-7205 page
- SUSE CVE CVE-2015-7210 page
- SUSE CVE CVE-2015-7212 page
- SUSE CVE CVE-2015-7213 page
- SUSE CVE CVE-2015-7214 page
- SUSE CVE CVE-2015-7222 page
Описание
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-7201
- SUSE Bug 959277
Описание
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2015-7202
- SUSE Bug 959277
Описание
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.
Затронутые продукты
Ссылки
- CVE-2015-7205
- SUSE Bug 959277
Описание
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.
Затронутые продукты
Ссылки
- CVE-2015-7210
- SUSE Bug 959277
Описание
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
Затронутые продукты
Ссылки
- CVE-2015-7212
- SUSE Bug 959277
Описание
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-7213
- SUSE Bug 959277
Описание
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
Затронутые продукты
Ссылки
- CVE-2015-7214
- SUSE Bug 959277
Описание
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
Затронутые продукты
Ссылки
- CVE-2015-7222
- SUSE Bug 959277