Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0934-1 Final 1 1 2015-05-15T16:30:16Z current 2015-05-15T16:30:16Z 2015-05-15T16:30:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox The Mozilla Firefox web browser was updated to version 38.0.1 to fix several security and non-security issues. This update also includes a Mozilla Network Security Services (NSS) update to version 3.18.1. The following vulnerabilities and issues were fixed: Changes in Mozilla Firefox: - update to Firefox 38.0.1 stability and regression fixes * Systems with first generation NVidia Optimus graphics cards may crash on start-up * Users who import cookies from Google Chrome can end up with broken websites * Large animated images may fail to play and may stop other images from loading - update to Firefox 38.0 (bnc#930622) * New tab-based preferences * Ruby annotation support * more info: https://www.mozilla.org/en-US/firefox/38.0/releasenotes/ security fixes: * MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 Miscellaneous memory safety hazards * MFSA 2015-47/VE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer * MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS * MFSA 2015-49/CVE-2015-2711 (bmo#1113431) Referrer policy ignored when links opened by middle-click and context menu * MFSA 2015-50/CVE-2015-2712 (bmo#1152280) Out-of-bounds read and write in asm.js validation * MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled * MFSA 2015-53/CVE-2015-2715 (bmo#988698) Use-after-free due to Media Decoder Thread creation during shutdown * MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML * MFSA 2015-55/CVE-2015-2717 (bmo#1154683) Buffer overflow and out-of-bounds read while parsing MP4 video metadata * MFSA 2015-56/CVE-2015-2718 (bmo#1146724) Untrusted site hosting trusted page can intercept webchannel responses * MFSA 2015-57/CVE-2011-3079 (bmo#1087565) Privilege escalation through IPC channel messages Changes in Mozilla NSS: - update to 3.18.1 * Firefox target release 38 * No new functionality is introduced in this release. Notable Changes: * The following CA certificate had the Websites and Code Signing trust bits restored to their original state to allow more time to develop a better transition strategy for affected sites: - OU = Equifax Secure Certificate Authority * The following CA certificate was removed: - CN = e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi * The following intermediate CA certificate has been added as actively distrusted because it was mis-used to issue certificates for domain names the holder did not own or control: - CN=MCSHOLDING TEST, O=MCSHOLDING, C=EG * The version number of the updated root CA list has been set to 2.4 - update to 3.18 * Firefox target release 38 New functionality: * When importing certificates and keys from a PKCS#12 source, it's now possible to override the nicknames, prior to importing them into the NSS database, using new API SEC_PKCS12DecoderRenameCertNicknames. * The tstclnt test utility program has new command-line options -C, -D, -b and -R. Use -C one, two or three times to print information about the certificates received from a server, and information about the locally found and trusted issuer certificates, to diagnose server side configuration issues. It is possible to run tstclnt The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html E-Mail link for openSUSE-SU-2015:0934-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings MozillaFirefox-38.0.1-74.1 MozillaFirefox-branding-upstream-38.0.1-74.1 MozillaFirefox-buildsymbols-38.0.1-74.1 MozillaFirefox-devel-38.0.1-74.1 MozillaFirefox-translations-common-38.0.1-74.1 MozillaFirefox-translations-other-38.0.1-74.1 libfreebl3-3.18.1-55.1 libfreebl3-32bit-3.18.1-55.1 libsoftokn3-3.18.1-55.1 libsoftokn3-32bit-3.18.1-55.1 mozilla-nss-3.18.1-55.1 mozilla-nss-32bit-3.18.1-55.1 mozilla-nss-certs-3.18.1-55.1 mozilla-nss-certs-32bit-3.18.1-55.1 mozilla-nss-devel-3.18.1-55.1 mozilla-nss-sysinit-3.18.1-55.1 mozilla-nss-sysinit-32bit-3.18.1-55.1 mozilla-nss-tools-3.18.1-55.1 The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors. CVE-2011-3079 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2011-3079.html CVE-2011-3079 https://bugzilla.suse.com/1122983 SUSE Bug 1122983 https://bugzilla.suse.com/760264 SUSE Bug 760264 https://bugzilla.suse.com/930622 SUSE Bug 930622 https://bugzilla.suse.com/986639 SUSE Bug 986639 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-2708 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2708.html CVE-2015-2708 https://bugzilla.suse.com/930622 SUSE Bug 930622 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-2709 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2709.html CVE-2015-2709 https://bugzilla.suse.com/930622 SUSE Bug 930622 Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence. CVE-2015-2710 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2710.html CVE-2015-2710 https://bugzilla.suse.com/930622 SUSE Bug 930622 Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component. CVE-2015-2711 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2711.html CVE-2015-2711 https://bugzilla.suse.com/930622 SUSE Bug 930622 The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript. CVE-2015-2712 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2712.html CVE-2015-2712 https://bugzilla.suse.com/930622 SUSE Bug 930622 Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. CVE-2015-2713 important Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2713.html CVE-2015-2713 https://bugzilla.suse.com/930622 SUSE Bug 930622 Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. CVE-2015-2715 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2715.html CVE-2015-2715 https://bugzilla.suse.com/930622 SUSE Bug 930622 Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. CVE-2015-2716 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2716.html CVE-2015-2716 https://bugzilla.suse.com/930622 SUSE Bug 930622 https://bugzilla.suse.com/939077 SUSE Bug 939077 https://bugzilla.suse.com/980391 SUSE Bug 980391 https://bugzilla.suse.com/983985 SUSE Bug 983985 Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata. CVE-2015-2717 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2717.html CVE-2015-2717 https://bugzilla.suse.com/930622 SUSE Bug 930622 The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. CVE-2015-2718 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-05/msg00036.html https://www.suse.com/security/cve/CVE-2015-2718.html CVE-2015-2718 https://bugzilla.suse.com/930622 SUSE Bug 930622