Security update for MozillaFirefox, mozilla-nspr

Announcement ID: SUSE-SU-2015:1680-1
Rating: important
References:
Cross-References:
CVSS scores:
Affected Products:
  • SUSE Linux Enterprise Desktop 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Software Development Kit 12

An update that solves 15 vulnerabilities can now be installed.

Description:

Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues.

  • MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
  • MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video
  • MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video
  • MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content
  • MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects
  • MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers
  • MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection

More details can be found on https://www.mozilla.org/en-US/security/advisories/

The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12
    zypper in -t patch SUSE-SLE-DESKTOP-12-2015-640=1
  • SUSE Linux Enterprise Software Development Kit 12
    zypper in -t patch SUSE-SLE-SDK-12-2015-640=1
  • SUSE Linux Enterprise Server 12
    zypper in -t patch SUSE-SLE-SERVER-12-2015-640=1
  • SUSE Linux Enterprise Server for SAP Applications 12
    zypper in -t patch SUSE-SLE-SERVER-12-2015-640=1

Package List:

  • SUSE Linux Enterprise Desktop 12 (x86_64)
    • mozilla-nspr-debuginfo-4.10.9-6.1
    • MozillaFirefox-debuginfo-38.3.0esr-48.1
    • MozillaFirefox-debugsource-38.3.0esr-48.1
    • mozilla-nspr-debuginfo-32bit-4.10.9-6.1
    • mozilla-nspr-32bit-4.10.9-6.1
    • mozilla-nspr-4.10.9-6.1
    • mozilla-nspr-debugsource-4.10.9-6.1
    • MozillaFirefox-38.3.0esr-48.1
    • MozillaFirefox-translations-38.3.0esr-48.1
  • SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
    • mozilla-nspr-debuginfo-4.10.9-6.1
    • MozillaFirefox-debuginfo-38.3.0esr-48.1
    • MozillaFirefox-debugsource-38.3.0esr-48.1
    • mozilla-nspr-debugsource-4.10.9-6.1
    • MozillaFirefox-devel-38.3.0esr-48.1
    • mozilla-nspr-devel-4.10.9-6.1
  • SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
    • mozilla-nspr-debuginfo-4.10.9-6.1
    • MozillaFirefox-debuginfo-38.3.0esr-48.1
    • MozillaFirefox-debugsource-38.3.0esr-48.1
    • mozilla-nspr-4.10.9-6.1
    • mozilla-nspr-debugsource-4.10.9-6.1
    • MozillaFirefox-38.3.0esr-48.1
    • MozillaFirefox-translations-38.3.0esr-48.1
  • SUSE Linux Enterprise Server 12 (s390x x86_64)
    • mozilla-nspr-debuginfo-32bit-4.10.9-6.1
    • mozilla-nspr-32bit-4.10.9-6.1
  • SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
    • mozilla-nspr-debuginfo-4.10.9-6.1
    • MozillaFirefox-debuginfo-38.3.0esr-48.1
    • MozillaFirefox-debugsource-38.3.0esr-48.1
    • mozilla-nspr-debuginfo-32bit-4.10.9-6.1
    • mozilla-nspr-32bit-4.10.9-6.1
    • mozilla-nspr-4.10.9-6.1
    • mozilla-nspr-debugsource-4.10.9-6.1
    • MozillaFirefox-38.3.0esr-48.1
    • MozillaFirefox-translations-38.3.0esr-48.1

References: