MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple
security issues.
* MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards
(rv:42.0 / rv:38.4)
* MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address
hostnames can bypass same-origin policy
* MFSA 2015-123/CVE-2015-7189 Buffer overflow during image
interactions in canvas
* MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when
non-standard Content-Type headers are received
* MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip
files
* MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with
Java applet
* MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
Vulnerabilities found through code inspection
* MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass
through workers
* MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR
memory corruption issues
It also includes fixes from 38.3.0ESR:
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety
hazards (rv:41.0 / rv:38.3)
* MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing
vp9 format video
* MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML
media content
* MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes
final URL after redirects
* MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight
request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177
CVE-2015-7180 Vulnerabilities found through code inspection
It also includes fixes from the Firefox 38.2.1ESR release:
* MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing
canvas element during restyling
* MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass
through data URLs
It also includes fixes from the Firefox 38.2.0ESR release:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety
hazards (rv:40.0 / rv:38.2)
* MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file
* MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable
JavaScript object properties
* MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright
* MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in
JavaScript
* MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling
bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx
when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
Vulnerabilities found through code inspection
* MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with
shared workers
Security Issues:
* CVE-2015-4473
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473</a>>
* CVE-2015-4474
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474</a>>
* CVE-2015-4475
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475</a>>
* CVE-2015-4478
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478</a>>
* CVE-2015-4479
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479</a>>
* CVE-2015-4484
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484</a>>
* CVE-2015-4485
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485</a>>
* CVE-2015-4486
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486</a>>
* CVE-2015-4487
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487</a>>
* CVE-2015-4488
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488</a>>
* CVE-2015-4489
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489</a>>
* CVE-2015-4491
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491</a>>
* CVE-2015-4492
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492</a>>
* CVE-2015-4497
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497</a>>
* CVE-2015-4498
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498</a>>
* CVE-2015-4500
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500</a>>
* CVE-2015-4501
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501</a>>
* CVE-2015-4506
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506</a>>
* CVE-2015-4509
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509</a>>
* CVE-2015-4511
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511</a>>
* CVE-2015-4513
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513</a>>
* CVE-2015-4517
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517</a>>
* CVE-2015-4519
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519</a>>
* CVE-2015-4520
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520</a>>
* CVE-2015-4521
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521</a>>
* CVE-2015-4522
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522</a>>
* CVE-2015-7174
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174</a>>
* CVE-2015-7175
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175</a>>
* CVE-2015-7176
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176</a>>
* CVE-2015-7177
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177</a>>
* CVE-2015-7180
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180</a>>
* CVE-2015-7181
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181</a>>
* CVE-2015-7182
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182</a>>
* CVE-2015-7183
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183</a>>
* CVE-2015-7188
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188</a>>
* CVE-2015-7189
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189</a>>
* CVE-2015-7193
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193</a>>
* CVE-2015-7194
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194</a>>
* CVE-2015-7196
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196</a>>
* CVE-2015-7197
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197</a>>
* CVE-2015-7198
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198</a>>
* CVE-2015-7199
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199</a>>
* CVE-2015-7200
<<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200</a>>