openSUSE-SU-2015:2406-1

Published: 31 Dec 2015
Source: suse-cvrf

Description

Security update for Mozilla Thunderbird

Mozilla Thunderbird was updated to 38.5.0 to fix multiple security issues.

The following vulnerabilities were fixed: (boo#959277)

  • CVE-2015-7201: Miscellaneous memory safety hazards
  • CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed
  • CVE-2015-7212: Integer overflow allocating extremely large textures
  • CVE-2015-7205: Underflow through code inspection
  • CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions
  • CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright
  • CVE-2015-7214: Cross-site reading attack through data and view-source URIs

Package list

openSUSE Leap 42.1
MozillaThunderbird-38.5.0-7.2
MozillaThunderbird-buildsymbols-38.5.0-7.2
MozillaThunderbird-devel-38.5.0-7.2
MozillaThunderbird-translations-common-38.5.0-7.2
MozillaThunderbird-translations-other-38.5.0-7.2

Description

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.


Affected products
openSUSE Leap 42.1:MozillaThunderbird-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-buildsymbols-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-devel-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-translations-common-38.5.0-7.2

Description

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet.


Affected products
openSUSE Leap 42.1:MozillaThunderbird-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-buildsymbols-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-devel-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-translations-common-38.5.0-7.2

Description

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has been closed by a WebRTC function.


Affected products
openSUSE Leap 42.1:MozillaThunderbird-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-buildsymbols-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-devel-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-translations-common-38.5.0-7.2

Description

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation.


Affected products
openSUSE Leap 42.1:MozillaThunderbird-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-buildsymbols-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-devel-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-translations-common-38.5.0-7.2

Description

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.


Affected products
openSUSE Leap 42.1:MozillaThunderbird-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-buildsymbols-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-devel-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-translations-common-38.5.0-7.2

Description

Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs.


Affected products
openSUSE Leap 42.1:MozillaThunderbird-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-buildsymbols-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-devel-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-translations-common-38.5.0-7.2

Description

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.


Affected products
openSUSE Leap 42.1:MozillaThunderbird-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-buildsymbols-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-devel-38.5.0-7.2
openSUSE Leap 42.1:MozillaThunderbird-translations-common-38.5.0-7.2
