Bug 925397 (CVE-2015-0808)

Summary: VUL-1: CVE-2015-0808: MozillaFirefox: Incorrect memory management for simple-type arrays in WebRTC (MFSA 2015-36)
Product: [Novell Products] SUSE Security Incidents Reporter: Andreas Stieger <astieger>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED DUPLICATE QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P5 - None CC: pcerny
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 13.2   
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 925368    

Description Andreas Stieger 2015-04-01 10:32:58 UTC 
Incorrect memory management for simple-type arrays in WebRTC

Announced: March 31, 2015
Reporter: Mitchell Harper
Impact: Low
Products: Firefox
Fixed in: Firefox 37

Description

Security researcher Mitchell Harper used Valgrind to discover incorrect memory management for simple-type arrays in WebRTC. This was undefined behavior which is theoretically dangerous but was determined to be safe in this instance. 

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/
https://bugzilla.mozilla.org/show_bug.cgi?id=1109552
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0808
Comment 1 Andreas Stieger 2015-04-01 15:04:50 UTC 
Update for openSUSE 13.1 and 13.2 is running, assigning openSUSE only bugs back to security team.
Comment 2 Andreas Stieger 2015-04-02 08:44:09 UTC 
merge into parent

*** This bug has been marked as a duplicate of bug 925368 ***
Comment 3 Swamp Workflow Management 2015-04-08 09:06:01 UTC 
openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166
CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
openSUSE 13.2 (src):    MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1
openSUSE 13.1 (src):    MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1