Security update for MozillaFirefox

Announcement ID:	SUSE-SU-2015:0960-1
Rating:	important
References:	bsc#930622
Cross-References:	CVE-2015-0797 CVE-2015-2708 CVE-2015-2709 CVE-2015-2710 CVE-2015-2713 CVE-2015-2716
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12

An update that solves six vulnerabilities can now be installed.

Description:

This update to Firefox 31.7.0 ESR (bsc#930622) fixes the following issues:

• MFSA 2015-46/CVE-2015-2708/CVE-2015-2709 (bmo#1120655, bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977, bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526, bmo#1153688, bmo#1155474) Miscellaneous memory safety hazards (rv:38.0 / rv:31.7)
• MFSA 2015-47/CVE-2015-0797 (bmo#1080995) Buffer overflow parsing H.264 video with Linux Gstreamer
• MFSA 2015-48/CVE-2015-2710 (bmo#1149542) Buffer overflow with SVG content and CSS
• MFSA 2015-51/CVE-2015-2713 (bmo#1153478) Use-after-free during text processing with vertical text enabled
• MFSA 2015-54/CVE-2015-2716 (bmo#1140537) Buffer overflow when parsing compressed XML

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-217=1
• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2015-217=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-217=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-217=1

Package List:

• SUSE Linux Enterprise Desktop 12 (x86_64)
  • MozillaFirefox-debuginfo-31.7.0esr-34.1
  • MozillaFirefox-debugsource-31.7.0esr-34.1
  • MozillaFirefox-translations-31.7.0esr-34.1
  • MozillaFirefox-31.7.0esr-34.1
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
  • MozillaFirefox-debuginfo-31.7.0esr-34.1
  • MozillaFirefox-debugsource-31.7.0esr-34.1
  • MozillaFirefox-devel-31.7.0esr-34.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • MozillaFirefox-debuginfo-31.7.0esr-34.1
  • MozillaFirefox-debugsource-31.7.0esr-34.1
  • MozillaFirefox-translations-31.7.0esr-34.1
  • MozillaFirefox-31.7.0esr-34.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • MozillaFirefox-debuginfo-31.7.0esr-34.1
  • MozillaFirefox-debugsource-31.7.0esr-34.1
  • MozillaFirefox-translations-31.7.0esr-34.1
  • MozillaFirefox-31.7.0esr-34.1

References:

• https://www.suse.com/security/cve/CVE-2015-0797.html
• https://www.suse.com/security/cve/CVE-2015-2708.html
• https://www.suse.com/security/cve/CVE-2015-2709.html
• https://www.suse.com/security/cve/CVE-2015-2710.html
• https://www.suse.com/security/cve/CVE-2015-2713.html
• https://www.suse.com/security/cve/CVE-2015-2716.html
• https://bugzilla.suse.com/show_bug.cgi?id=930622