Security update for MozillaFirefox, mozilla-nss (important)

2015-07-1311:07:56

lists.opensuse.org

0.975 High

EPSS

Percentile

100.0%

JSON

MozillaFirefox was updated to version 39.0 to fix 21 security issues.

These security issues were fixed:

CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety
hazards (bsc#935979).
CVE-2015-2727: Local files or privileged URLs in pages can be opened
into new tabs (bsc#935979).
CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
CVE-2015-2729: Out-of-bound read while computing an oscillator rendering
range in Web Audio (bsc#935979).
CVE-2015-2731: Use-after-free in Content Policy due to microtask
execution error (bsc#935979).
CVE-2015-2730: ECDSA signature validation fails to handle some
signatures correctly (bsc#935979).
CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using
XMLHttpRequest (bsc#935979).

CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2
015-2739/CVE-2015-2740: Vulnerabilities found through code inspection
(bsc#935979).

CVE-2015-2741: Key pinning is ignored when overridable errors are
encountered (bsc#935979).
CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE
cipher suites (bsc#935979).
CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange
(bsc#935979).

New features:

Share Hello URLs with social networks
Support for ‘switch’ role in ARIA 1.1 (web accessibility)
SafeBrowsing malware detection lookups enabled for downloads (Mac OS X
and Linux)
Support for new Unicode 8.0 skin tone emoji
Removed support for insecure SSLv3 for network communications
Disable use of RC4 except for temporarily whitelisted hosts
NPAPI Plug-in performance improved via asynchronous initialization

mozilla-nss was updated to version 3.19.2 to fix some of the security
issues listed above.

OSVersionArchitecturePackageVersionFilename
openSUSE13.1x86_64mozillafirefox-translations-other< 39.0-78.1MozillaFirefox-translations-other-39.0-78.1.x86_64.rpm
openSUSE13.1x86_64mozilla-nss-debugsource< 3.19.2-59.1mozilla-nss-debugsource-3.19.2-59.1.x86_64.rpm
openSUSE13.1x86_64libfreebl3-debuginfo-32bit< 3.19.2-59.1libfreebl3-debuginfo-32bit-3.19.2-59.1.x86_64.rpm
openSUSE13.2i586libfreebl3< 3.19.2-16.1libfreebl3-3.19.2-16.1.i586.rpm
openSUSE13.2i586libfreebl3-debuginfo< 3.19.2-16.1libfreebl3-debuginfo-3.19.2-16.1.i586.rpm
openSUSE13.2x86_64mozilla-nss-certs-32bit< 3.19.2-16.1mozilla-nss-certs-32bit-3.19.2-16.1.x86_64.rpm
openSUSE13.2i586mozillafirefox-debuginfo< 39.0-34.2MozillaFirefox-debuginfo-39.0-34.2.i586.rpm
openSUSE13.1i586libfreebl3< 3.19.2-59.1libfreebl3-3.19.2-59.1.i586.rpm
openSUSE13.2i586mozilla-nss-sysinit-debuginfo< 3.19.2-16.1mozilla-nss-sysinit-debuginfo-3.19.2-16.1.i586.rpm
openSUSE13.2x86_64mozilla-nss-sysinit-debuginfo-32bit< 3.19.2-16.1mozilla-nss-sysinit-debuginfo-32bit-3.19.2-16.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	13.1	x86_64	mozillafirefox-translations-other	< 39.0-78.1	MozillaFirefox-translations-other-39.0-78.1.x86_64.rpm
openSUSE	13.1	x86_64	mozilla-nss-debugsource	< 3.19.2-59.1	mozilla-nss-debugsource-3.19.2-59.1.x86_64.rpm
openSUSE	13.1	x86_64	libfreebl3-debuginfo-32bit	< 3.19.2-59.1	libfreebl3-debuginfo-32bit-3.19.2-59.1.x86_64.rpm
openSUSE	13.2	i586	libfreebl3	< 3.19.2-16.1	libfreebl3-3.19.2-16.1.i586.rpm
openSUSE	13.2	i586	libfreebl3-debuginfo	< 3.19.2-16.1	libfreebl3-debuginfo-3.19.2-16.1.i586.rpm
openSUSE	13.2	x86_64	mozilla-nss-certs-32bit	< 3.19.2-16.1	mozilla-nss-certs-32bit-3.19.2-16.1.x86_64.rpm
openSUSE	13.2	i586	mozillafirefox-debuginfo	< 39.0-34.2	MozillaFirefox-debuginfo-39.0-34.2.i586.rpm
openSUSE	13.1	i586	libfreebl3	< 3.19.2-59.1	libfreebl3-3.19.2-59.1.i586.rpm
openSUSE	13.2	i586	mozilla-nss-sysinit-debuginfo	< 3.19.2-16.1	mozilla-nss-sysinit-debuginfo-3.19.2-16.1.i586.rpm
openSUSE	13.2	x86_64	mozilla-nss-sysinit-debuginfo-32bit	< 3.19.2-16.1	mozilla-nss-sysinit-debuginfo-32bit-3.19.2-16.1.x86_64.rpm