Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1703-1 Final 1 1 2015-10-05T17:04:52Z current 2015-10-05T17:04:52Z 2015-10-05T17:04:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues. * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection More details can be found on https://www.mozilla.org/en-US/security/advisories/ The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp3-firefox-20150923-12122,sdksp4-firefox-20150923-12122,sledsp3-firefox-20150923-12122,sledsp4-firefox-20150923-12122,slessp3-firefox-20150923-12122,slessp4-firefox-20150923-12122 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ Link for SUSE-SU-2015:1703-1 https://lists.suse.com/pipermail/sle-security-updates/2015-October/001618.html E-Mail link for SUSE-SU-2015:1703-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/947003 SUSE Bug 947003 https://www.suse.com/security/cve/CVE-2015-4500/ SUSE CVE CVE-2015-4500 page https://www.suse.com/security/cve/CVE-2015-4501/ SUSE CVE CVE-2015-4501 page https://www.suse.com/security/cve/CVE-2015-4506/ SUSE CVE CVE-2015-4506 page https://www.suse.com/security/cve/CVE-2015-4509/ SUSE CVE CVE-2015-4509 page https://www.suse.com/security/cve/CVE-2015-4511/ SUSE CVE CVE-2015-4511 page https://www.suse.com/security/cve/CVE-2015-4517/ SUSE CVE CVE-2015-4517 page https://www.suse.com/security/cve/CVE-2015-4519/ SUSE CVE CVE-2015-4519 page https://www.suse.com/security/cve/CVE-2015-4520/ SUSE CVE CVE-2015-4520 page https://www.suse.com/security/cve/CVE-2015-4521/ SUSE CVE CVE-2015-4521 page https://www.suse.com/security/cve/CVE-2015-4522/ SUSE CVE CVE-2015-4522 page https://www.suse.com/security/cve/CVE-2015-7174/ SUSE CVE CVE-2015-7174 page https://www.suse.com/security/cve/CVE-2015-7175/ SUSE CVE CVE-2015-7175 page https://www.suse.com/security/cve/CVE-2015-7176/ SUSE CVE CVE-2015-7176 page https://www.suse.com/security/cve/CVE-2015-7177/ SUSE CVE CVE-2015-7177 page https://www.suse.com/security/cve/CVE-2015-7180/ SUSE CVE CVE-2015-7180 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox-devel-38.3.0esr-22.1 MozillaFirefox-38.3.0esr-22.1 MozillaFirefox-translations-38.3.0esr-22.1 MozillaFirefox-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox-translations-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 MozillaFirefox-translations-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Desktop 11 SP4 MozillaFirefox-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server 11 SP3 MozillaFirefox-translations-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server 11 SP3 MozillaFirefox-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox-translations-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server 11 SP4 MozillaFirefox-translations-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server 11 SP4 MozillaFirefox-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 MozillaFirefox-translations-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 MozillaFirefox-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox-translations-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox-devel-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 MozillaFirefox-devel-38.3.0esr-22.1 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4500 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4500.html CVE-2015-4500 https://bugzilla.suse.com/947003 SUSE Bug 947003 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4501 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4501.html CVE-2015-4501 https://bugzilla.suse.com/947003 SUSE Bug 947003 Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. CVE-2015-4506 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4506.html CVE-2015-4506 https://bugzilla.suse.com/947003 SUSE Bug 947003 Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. CVE-2015-4509 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4509.html CVE-2015-4509 https://bugzilla.suse.com/947003 SUSE Bug 947003 Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. CVE-2015-4511 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4511.html CVE-2015-4511 https://bugzilla.suse.com/947003 SUSE Bug 947003 NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-4517 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4517.html CVE-2015-4517 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. CVE-2015-4519 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4519.html CVE-2015-4519 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. CVE-2015-4520 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4520.html CVE-2015-4520 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-4521 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4521.html CVE-2015-4521 https://bugzilla.suse.com/947003 SUSE Bug 947003 The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-4522 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-4522.html CVE-2015-4522 https://bugzilla.suse.com/947003 SUSE Bug 947003 The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-7174 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-7174.html CVE-2015-7174 https://bugzilla.suse.com/947003 SUSE Bug 947003 The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-7175 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-7175.html CVE-2015-7175 https://bugzilla.suse.com/947003 SUSE Bug 947003 The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7176 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-7176.html CVE-2015-7176 https://bugzilla.suse.com/947003 SUSE Bug 947003 The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7177 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-7177.html CVE-2015-7177 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7180 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-38.3.0esr-22.1 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-38.3.0esr-22.1 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-38.3.0esr-22.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151703-1/ https://www.suse.com/security/cve/CVE-2015-7180.html CVE-2015-7180 https://bugzilla.suse.com/947003 SUSE Bug 947003