Security update for Mozilla Firefox (important)

2015-11-23T22:10:12
ID SUSE-SU-2015:2081-1
Type suse
Reporter Suse
Modified 2015-11-23T22:10:12

Description

MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues.

   * MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards
     (rv:42.0 / rv:38.4)
   * MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address
     hostnames can bypass same-origin policy
   * MFSA 2015-123/CVE-2015-7189 Buffer overflow during image
     interactions in canvas
   * MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when
     non-standard Content-Type headers are received
   * MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip
     files
   * MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with
     Java applet
   * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
     Vulnerabilities found through code inspection
   * MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass
     through workers
   * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR
     memory corruption issues

It also includes fixes from 38.3.0ESR:

   * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety
     hazards (rv:41.0 / rv:38.3)
   * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing
     vp9 format video
   * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video
   * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML
     media content
   * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes
     final URL after redirects
   * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight
     request headers
   * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
     CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
     CVE-2015-7180 Vulnerabilities found through code inspection

It also includes fixes from the Firefox 38.2.1ESR release:

   * MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing
     canvas element during restyling
   * MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass
     through data URLs

It also includes fixes from the Firefox 38.2.0ESR release:

   * MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety
     hazards (rv:40.0 / rv:38.2)
   * MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file
   * MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable
     JavaScript object properties
   * MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright
   * MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in
     JavaScript
   * MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling
     bitmap images
   * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx
     when decoding WebM video
   * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489
     Vulnerabilities found through code inspection
   * MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with
     shared workers

Security Issues:

   * CVE-2015-4473
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473>
   * CVE-2015-4474
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4474>
   * CVE-2015-4475
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4475>
   * CVE-2015-4478
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4478>
   * CVE-2015-4479
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4479>
   * CVE-2015-4484
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4484>
   * CVE-2015-4485
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4485>
   * CVE-2015-4486
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4486>
   * CVE-2015-4487
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487>
   * CVE-2015-4488
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488>
   * CVE-2015-4489
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489>
   * CVE-2015-4491
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491>
   * CVE-2015-4492
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4492>
   * CVE-2015-4497
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4497>
   * CVE-2015-4498
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4498>
   * CVE-2015-4500
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4500>
   * CVE-2015-4501
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4501>
   * CVE-2015-4506
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4506>
   * CVE-2015-4509
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4509>
   * CVE-2015-4511
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4511>
   * CVE-2015-4513
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513>
   * CVE-2015-4517
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4517>
   * CVE-2015-4519
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4519>
   * CVE-2015-4520
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4520>
   * CVE-2015-4521
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4521>
   * CVE-2015-4522
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4522>
   * CVE-2015-7174
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7174>
   * CVE-2015-7175
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7175>
   * CVE-2015-7176
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7176>
   * CVE-2015-7177
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7177>
   * CVE-2015-7180
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7180>
   * CVE-2015-7181
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181>
   * CVE-2015-7182
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182>
   * CVE-2015-7183
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183>
   * CVE-2015-7188
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188>
   * CVE-2015-7189
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189>
   * CVE-2015-7193
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193>
   * CVE-2015-7194
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194>
   * CVE-2015-7196
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196>
   * CVE-2015-7197
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197>
   * CVE-2015-7198
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198>
   * CVE-2015-7199
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199>
   * CVE-2015-7200
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200>