Security update for Mozilla Firefox (important)

ID SUSE-SU-2014:0727-1
Type suse
Reporter Suse
Modified 2014-05-28T22:05:08


This Mozilla Firefox update provides several security and non-security fixes.

MozillaFirefox has been updated to 24.5.0esr, which fixes the following issues:

   * MFSA 2014-34/CVE-2014-1518 Miscellaneous memory safety hazards
   * MFSA 2014-37/CVE-2014-1523 Out of bounds read while decoding JPG
   * MFSA 2014-38/CVE-2014-1524 Buffer overflow when using non-XBL object
     as XBL
   * MFSA 2014-42/CVE-2014-1529 Privilege escalation through Web
     Notification API
   * MFSA 2014-43/CVE-2014-1530 Cross-site scripting (XSS) using history
   * MFSA 2014-44/CVE-2014-1531 Use-after-free in imgLoader while
     resizing images
   * MFSA 2014-46/CVE-2014-1532 Use-after-free in nsHostResolver

Mozilla NSS has been updated to 3.16

   * required for Firefox 29
   * CVE-2014-1492_ In a wildcard certificate, the wildcard character
     should not be embedded within the U-label of an internationalized
     domain name. See the last bullet point in RFC 6125, Section 7.2.
   * Update of root certificates.