Bug 925368

Summary: VUL-0: MozillaFirefox: 37 release, 31.6ESR release
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: astieger, wolfgang
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: maint:released:sle11-sp3:61419 maint:released:sle10-sp3:61418
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 925392, 925393, 925394, 925395, 925396, 925397, 925398, 925399, 925400, 925401, 925402, 926166    
Bug Blocks:    

Description Marcus Meissner 2015-04-01 08:33:39 UTC
released yesterday, 

https://www.mozilla.org/en-US/security/advisories/
Comment 1 Bernhard Wiedemann 2015-04-01 12:00:35 UTC
This is an autogenerated message for OBS integration:
This bug (925368) was mentioned in
https://build.opensuse.org/request/show/293906 Factory / MozillaFirefox
https://build.opensuse.org/request/show/293907 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/293908 13.1 / MozillaFirefox
https://build.opensuse.org/request/show/293911 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/293912 13.2 / MozillaThunderbird
https://build.opensuse.org/request/show/293913 13.1 / MozillaThunderbird
https://build.opensuse.org/request/show/293915 Factory / xulrunner
Comment 2 Swamp Workflow Management 2015-04-01 13:07:50 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-04-15.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61408
Comment 3 Swamp Workflow Management 2015-04-01 22:00:14 UTC
bugbot adjusting priority
Comment 4 Andreas Stieger 2015-04-02 08:43:48 UTC
*** Bug 925398 has been marked as a duplicate of this bug. ***
Comment 5 Andreas Stieger 2015-04-02 08:43:50 UTC
*** Bug 925392 has been marked as a duplicate of this bug. ***
Comment 6 Andreas Stieger 2015-04-02 08:43:53 UTC
*** Bug 925393 has been marked as a duplicate of this bug. ***
Comment 7 Andreas Stieger 2015-04-02 08:43:55 UTC
*** Bug 925395 has been marked as a duplicate of this bug. ***
Comment 8 Andreas Stieger 2015-04-02 08:43:56 UTC
*** Bug 925401 has been marked as a duplicate of this bug. ***
Comment 9 Andreas Stieger 2015-04-02 08:43:59 UTC
*** Bug 925399 has been marked as a duplicate of this bug. ***
Comment 10 Andreas Stieger 2015-04-02 08:44:00 UTC
*** Bug 925400 has been marked as a duplicate of this bug. ***
Comment 11 Andreas Stieger 2015-04-02 08:44:03 UTC
*** Bug 925394 has been marked as a duplicate of this bug. ***
Comment 12 Andreas Stieger 2015-04-02 08:44:05 UTC
*** Bug 925396 has been marked as a duplicate of this bug. ***
Comment 13 Andreas Stieger 2015-04-02 08:44:06 UTC
*** Bug 925402 has been marked as a duplicate of this bug. ***
Comment 14 Andreas Stieger 2015-04-02 08:44:09 UTC
*** Bug 925397 has been marked as a duplicate of this bug. ***
Comment 15 Andreas Stieger 2015-04-02 08:45:18 UTC
bug 925398	VUL-0: CVE-2015-0807: MozillaFirefox: CORS requests should not follow 30x redirections after preflight (MFSA 2015-37)
bug 925392	VUL-0: CVE-2015-0814,CVE-2015-0815: MozillaFirefox,MozillaThunderbird: Miscellaneous memory safety hazards (MFSA 2015-30)
bug 925393	VUL-0: CVE-2015-0813: MozillaFirefox,MozillaThunderbird: Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31)
bug 925401	VUL-0: CVE-2015-0801: MozillaFirefox,MozillaThunderbird: Same-origin bypass through anchor navigation (MFSA 2015-40)
bug 925395	VUL-0: CVE-2015-0816: MozillaFirefox,MozillaThunderbird: resource:// documents can load privileged pages (MFSA 2015-33)
bug 925399	VUL-0: CVE-2015-0805, CVE-2015-0806: MozillaFirefox: Memory corruption crashes in Off Main Thread Compositing (MFSA 2015-38)
bug 925400	VUL-0: CVE-2015-0803, CVE-2015-0804: MozillaFirefox: Use-after-free due to type confusion flaws (MFSA 2015-39)
bug 925402	VUL-0: CVE-2015-0802: MozillaFirefox: Windows can retain access to privileged content on navigation to unprivileged pages (MFSA 2015-42)
bug 925394	VUL-0: CVE-2015-0812: MozillaFirefox: Add-on lightweight theme installation approval bypassed through MITM attack (MFSA 2015-32)
bug 925396	VUL-0: CVE-2015-0811: MozillaFirefox: Out of bounds read in QCMS library (MFSA 2015-34)
bug 925397	VUL-1: CVE-2015-0808: MozillaFirefox: Incorrect memory management for simple-type arrays in WebRTC (MFSA 2015-36)
Comment 16 Bernhard Wiedemann 2015-04-07 11:00:09 UTC
This is an autogenerated message for OBS integration:
This bug (925368) was mentioned in
https://build.opensuse.org/request/show/294723 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/294724 13.1 / MozillaFirefox
Comment 17 Swamp Workflow Management 2015-04-08 09:04:59 UTC
openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166
CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
openSUSE 13.2 (src):    MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1
openSUSE 13.1 (src):    MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1
Comment 18 Swamp Workflow Management 2015-04-10 15:05:06 UTC
SUSE-SU-2015:0704-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 925368
CVE References: CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-31.6.0esr-30.1
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-31.6.0esr-30.1
Comment 19 Swamp Workflow Management 2015-04-10 16:04:54 UTC
SUSE-SU-2015:0704-2: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 925368
CVE References: CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-31.6.0esr-30.1
Comment 20 Swamp Workflow Management 2015-04-11 04:05:01 UTC
SUSE-SU-2015:0706-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 925368
CVE References: CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0814,CVE-2015-0816
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.6.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.6.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.6.0esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.6.0esr-0.8.1
Comment 21 Andreas Stieger 2015-04-13 09:20:24 UTC
all released
Comment 22 Bernhard Wiedemann 2015-05-15 21:00:10 UTC
This is an autogenerated message for OBS integration:
This bug (925368) was mentioned in
https://build.opensuse.org/request/show/307399 Evergreen:11.4 / MozillaFirefox
Comment 23 Swamp Workflow Management 2015-05-18 11:05:02 UTC
openSUSE-SU-2015:0892-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,930622
CVE References: CVE-2011-3079,CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0815,CVE-2015-0816,CVE-2015-2708,CVE-2015-2710,CVE-2015-2713,CVE-2015-2716
Sources used:
openSUSE Evergreen 11.4 (src):    MozillaFirefox-31.7.0-140.1
Comment 24 Swamp Workflow Management 2015-07-18 17:09:20 UTC
openSUSE-SU-2015:1266-1: An update that fixes 52 vulnerabilities is now available.

Category: security (important)
Bug References: 894370,900639,900941,908009,910669,917597,925368,930622,935979
CVE References: CVE-2011-3079,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594,CVE-2014-8634,CVE-2014-8635,CVE-2014-8638,CVE-2014-8639,CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0815,CVE-2015-0816,CVE-2015-0822,CVE-2015-0827,CVE-2015-0831,CVE-2015-0833,CVE-2015-0836,CVE-2015-2708,CVE-2015-2710,CVE-2015-2713,CVE-2015-2716,CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000
Sources used:
openSUSE Evergreen 11.4 (src):    MozillaFirefox-31.8.0-143.1, MozillaThunderbird-31.8.0-110.1, mozilla-nspr-4.10.8-52.1, mozilla-nss-3.19.2-107.1