SUSE-SU-2015:1680-1

Description

Security update for MozillaFirefox, mozilla-nspr Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs.

Affected Systems

• suse•mozilla-nspr&distro=SUSE Linux Enterprise Desktop 12

  < 4.10.9-6.1

• suse•mozilla-nspr&distro=SUSE Linux Enterprise Server 12

  < 4.10.9-6.1

• suse•mozilla-nspr&distro=SUSE Linux Enterprise Server for SAP Applications 12

  < 4.10.9-6.1

• suse•mozilla-nspr&distro=SUSE Linux Enterprise Software Development Kit 12

  < 4.10.9-6.1

• suse•MozillaFirefox&distro=SUSE Linux Enterprise Desktop 12

  < 38.3.0esr-48.1

• suse•MozillaFirefox&distro=SUSE Linux Enterprise Server 12

  < 38.3.0esr-48.1

• suse•MozillaFirefox&distro=SUSE Linux Enterprise Server for SAP Applications 12

  < 38.3.0esr-48.1

• suse•MozillaFirefox&distro=SUSE Linux Enterprise Software Development Kit 12

  < 38.3.0esr-48.1

References (17)

• https://www.suse.com/support/update/announcement/2015/suse-su-20151680-1/
• https://bugzilla.suse.com/947003
• https://www.suse.com/security/cve/CVE-2015-4500
• https://www.suse.com/security/cve/CVE-2015-4501
• https://www.suse.com/security/cve/CVE-2015-4506
• https://www.suse.com/security/cve/CVE-2015-4509
• https://www.suse.com/security/cve/CVE-2015-4511
• https://www.suse.com/security/cve/CVE-2015-4517
• https://www.suse.com/security/cve/CVE-2015-4519
• https://www.suse.com/security/cve/CVE-2015-4520
• https://www.suse.com/security/cve/CVE-2015-4521
• https://www.suse.com/security/cve/CVE-2015-4522
• https://www.suse.com/security/cve/CVE-2015-7174
• https://www.suse.com/security/cve/CVE-2015-7175
• https://www.suse.com/security/cve/CVE-2015-7176
• https://www.suse.com/security/cve/CVE-2015-7177
• https://www.suse.com/security/cve/CVE-2015-7180