Description
Security update for MozillaFirefox
MozillaFirefox was updated to version 38.5.0 ESR.
It fixes the following security issues:
- MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
- MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed
- MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures
- MFSA 2015-145/CVE-2015-7205 Underflow through code inspection
- MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions
- MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs
Package list
SUSE Linux Enterprise Server 11 SP2-LTSS
References
- Link for SUSE-SU-2015:2336-1
- E-Mail link for SUSE-SU-2015:2336-1
- SUSE Security Ratings
- SUSE Bug 959277
- SUSE CVE CVE-2015-7201 page
- SUSE CVE CVE-2015-7202 page
- SUSE CVE CVE-2015-7205 page
- SUSE CVE CVE-2015-7210 page
- SUSE CVE CVE-2015-7212 page
- SUSE CVE CVE-2015-7213 page
- SUSE CVE CVE-2015-7214 page
- SUSE CVE CVE-2015-7222 page
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Affected products
References
- CVE-2015-7201
- SUSE Bug 959277
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Affected products
References
- CVE-2015-7202
- SUSE Bug 959277
Description
Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.
Affected products
References
- CVE-2015-7205
- SUSE Bug 959277
Description
Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.
Affected products
References
- CVE-2015-7210
- SUSE Bug 959277
Description
Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.
Affected products
References
- CVE-2015-7212
- SUSE Bug 959277
Description
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
Affected products
References
- CVE-2015-7213
- SUSE Bug 959277
Description
Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.
Affected products
References
- CVE-2015-7214
- SUSE Bug 959277
Description
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
Affected products
References
- CVE-2015-7222
- SUSE Bug 959277