Bugzilla – Bug 645315
VUL-0: Mozilla Firefox 3.6.11 / 3.5.14
Last modified: 2020-04-05 18:14:18 UTC
Upstream updates are released. Currently uploading updates to mozilla:Factory and mozilla:maintained. Some notes about the changelog entries: * MFSA 2010-71/CVE-2010-3182 (bmo#590753, bnc#642502) Unsafe library loading vulnerabilities I guess you can confirm that's the same but different fix for our packages? In addition I copied the NSS advisories although NSS is used through the system library but I guess better mention it here as it's fixed package-wise by requiring mozilla-nss >= 3.12.8: * MFSA 2010-70/CVE-2010-3170 (bmo#578697) SSL wildcard certificate matching IP addresses * MFSA 2010-72/CVE-2010-3173 Insecure Diffie-Hellman key exchange I'll create submitrequests for 11.1-11.3 tomorrow once everything is uploaded and built.
Petr, for rolling back the 3.6 firefox on SLE10SP3 to 3.5 for this update, check the source out via osc -A https://api.suse.de co SUSE:SLE-10-SP3:Update MozillaFirefox instead of the :Test repo
submitrequests for mozilla-xulrunner192 MozillaFirefox MozillaThunderbird seamonkey mozilla-xulrunner191 done for 11.1, 11.2 and 11.3 to the *:Update:Test repos. mozilla:maintained/firefox35 contains the updated Firefox 3.5 package. The package is only used on SLE though so please submit changes needed back to the repo. Disclaimer: I couldn't fully verify that everything works in the target environment because the mozilla-nss update which is pending is needed to build and run the above. So please feel free to report build or other issues back to me.
The SWAMPID for this issue is 36611. This issue was rated as critical. Please submit fixed packages until 2010-10-22. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
MFSA 2010-64: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. References Paul Nickerson, Jesse Ruderman, Olli Pettay, Igor Bukanov and Josh Soref reported memory safety problems that affected Firefox 3.6 and Firefox 3.5. * Memory safety bugs - Firefox 3.6, Firefox 3.5 * CVE-2010-3176 Gary Kwong, Martijn Wargers and Siddharth Agarwal reported memory safety problems that affected Firefox 3.6 only. * Memory safety bugs - Firefox 3.6 * CVE-2010-3175 Jesse Ruderman reported a crash which affected Firefox 3.5 only. * https://bugzilla.mozilla.org/show_bug.cgi?id=476547 * CVE-2010-3174 MFSA 2010-65 / CVE-2010-3179: Security researcher Alexander Miller reported that passing an excessively long string to document.write could cause text rendering routines to end up in an inconsistent state with sections of stack memory being overwritten with the string data. An attacker could use this flaw to crash a victim's browser and potentially run arbitrary code on their computer. MFSA 2010-66 / CVE-2010-3180: Security researcher Sergey Glazunov reported that it was possible to access the locationbar property of a window object after it had been closed. Since the closed window's memory could have been subsequently reused by the system it was possible that an attempt to access the locationbar property could result in the execution of attacker-controlled memory. MFSA 2010-67 / CVE-2010-3183: Security researcher regenrecht reported via TippingPoint's Zero Day Initiative that when window.__lookupGetter__ is called with no arguments the code assumes the top JavaScript stack value is a property name. Since there were no arguments passed into the function, the top value could represent uninitialized memory or a pointer to a previously freed JavaScript object. Under such circumstances the value is passed to another subroutine which calls through the dangling pointer, potentially executing attacker-controlled memory. MFSA 2010-68 / CVE-2010-3177: Google security researcher Robert Swiecki reported that functions used by the Gopher parser to convert text to HTML tags could be exploited to turn text into executable JavaScript. If an attacker could create a file or directory on a Gopher server with the encoded script as part of its name the script would then run in a victim's browser within the context of the site. MFSA 2010-69 / CVE-2010-3178: Security researcher Eduardo Vela Nava reported that if a web page opened a new window and used a javascript: URL to make a modal call, such as alert(), then subsequently navigated the page to a different domain, once the modal call returned the opener of the window could get access to objects in the navigated window. This is a violation of the same-origin policy and could be used by an attacker to steal information from another web site. MFSA 2010-70 / CVE-2010-3170: Security researcher Richard Moore reported that when an SSL certificate was created with a common name containing a wildcard followed by a partial IP address a valid SSL connection could be established with a server whose IP address matched the wildcard range by browsing directly to the IP address. It is extremely unlikely that such a certificate would be issued by a Certificate Authority. MFSA 2010-71 / CVE-2010-3182: Dmitri Gribenko reported that the script used to launch Mozilla applications on Linux was effectively including the current working directory in the LD_LIBRARY_PATH environment variable. If an attacker was able to place into the current working directory a malicious shared library with the same name as a library that the bootstrapping script depends on the attacker could have their library loaded instead of the legitimate library.
MFSA 2010-72 / CVE-2010-3173: Mozilla cryptographer Nelson Bolyard reported that the SSL implementation was permitting servers to use Diffie-Hellman Ephemeral mode (DHE) with too short of a minimum key length. DHE keys of such lengths are trivially breakable on modern hardware so SSL servers operating in this mode were providing very little effective security for their clients.
Update released for: MozillaThunderbird, MozillaThunderbird-debuginfo, MozillaThunderbird-debugsource, MozillaThunderbird-devel, MozillaThunderbird-devel-debuginfo, MozillaThunderbird-translations, MozillaThunderbird-translations-common, MozillaThunderbird-translations-other, enigmail, enigmail-debuginfo Products: openSUSE 11.1 (debug, i586, ppc, x86_64) openSUSE 11.2 (debug, i586, x86_64) openSUSE 11.3 (debug, i586, x86_64)
Update released for: seamonkey, seamonkey-debuginfo, seamonkey-debugsource, seamonkey-dom-inspector, seamonkey-irc, seamonkey-mail, seamonkey-spellchecker, seamonkey-translations-common, seamonkey-translations-other, seamonkey-venkman Products: openSUSE 11.1 (debug, i586, ppc, x86_64) openSUSE 11.2 (debug, i586, x86_64) openSUSE 11.3 (debug, i586, x86_64)
i released seamonkey and thunderbird as they are not on SLE. firefox will probably be 3.6.12 on release fgor opensuse (but I keep the old opensuse ones checked in still)
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-translations, MozillaFirefox-translations-common, MozillaFirefox-translations-other, mozilla-js192, mozilla-js192-debuginfo, mozilla-xulrunner192, mozilla-xulrunner192-buildsymbols, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-devel-debuginfo, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-debuginfo, mozilla-xulrunner192-translations-common, mozilla-xulrunner192-translations-other Products: openSUSE 11.1 (debug, i586, ppc, x86_64) openSUSE 11.2 (debug, i586, x86_64) openSUSE 11.3 (debug, i586, x86_64)
Update released for: mozilla-xulrunner191, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-debugsource, mozilla-xulrunner191-devel, mozilla-xulrunner191-devel-debuginfo, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-gnomevfs-debuginfo, mozilla-xulrunner191-translations-common, mozilla-xulrunner191-translations-other, python-xpcom191, python-xpcom191-debuginfo Products: openSUSE 11.1 (debug, i586, ppc, x86_64) openSUSE 11.2 (debug, i586, x86_64) openSUSE 11.3 (debug, i586, x86_64)
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-translations, mozilla-xulrunner191, mozilla-xulrunner191-32bit, mozilla-xulrunner191-64bit, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-gnomevfs-32bit, mozilla-xulrunner191-gnomevfs-64bit, mozilla-xulrunner191-gnomevfs-x86, mozilla-xulrunner191-translations, mozilla-xulrunner191-translations-32bit, mozilla-xulrunner191-translations-64bit, mozilla-xulrunner191-translations-x86, mozilla-xulrunner191-x86, python-xpcom191 Products: SLE-DEBUGINFO 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-DESKTOP 10-SP3 (i386, x86_64) SLE-SAP-APL 10-SP3 (x86_64) SLE-SDK 10-SP3 (i386, ia64, ppc, s390x, x86_64) SLE-SERVER 10-SP3 (i386, ia64, ppc, s390x, x86_64)
released.
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debuginfo-32bit, mozilla-xulrunner192-debuginfo-x86, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86 Products: SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11 (i386, x86_64) SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-debuginfo-32bit, mozilla-xulrunner192-debuginfo-x86, mozilla-xulrunner192-debugsource, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86 Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: mozilla-xulrunner191, mozilla-xulrunner191-32bit, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-debuginfo-32bit, mozilla-xulrunner191-debuginfo-x86, mozilla-xulrunner191-debugsource, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-gnomevfs-32bit, mozilla-xulrunner191-gnomevfs-x86, mozilla-xulrunner191-translations, mozilla-xulrunner191-translations-32bit, mozilla-xulrunner191-translations-x86, mozilla-xulrunner191-x86, python-xpcom191 Products: SLE-DEBUGINFO 11 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11 (i386, x86_64) SLE-SDK 11 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11 (i386, ia64, ppc64, s390x, x86_64)
Update released for: MozillaFirefox, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-translations, mozilla-xulrunner192, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-translations Products: SUSE-MOBLIN 2.1 (i386) SUSE-MOBLIN 2.1-DEBUG (i386)
Update released for: mozilla-xulrunner191, mozilla-xulrunner191-32bit, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-debuginfo-32bit, mozilla-xulrunner191-debuginfo-x86, mozilla-xulrunner191-debugsource, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-gnomevfs-32bit, mozilla-xulrunner191-gnomevfs-x86, mozilla-xulrunner191-translations, mozilla-xulrunner191-translations-32bit, mozilla-xulrunner191-translations-x86, mozilla-xulrunner191-x86, python-xpcom191 Products: SLE-DEBUGINFO 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP1 (i386, x86_64) SLE-SDK 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP1 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP1 (i386, x86_64)
Update released for: mozilla-xulrunner191, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-debugsource, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-translations, python-xpcom191 Products: SUSE-MOBLIN 2.1 (i386) SUSE-MOBLIN 2.1-DEBUG (i386)
openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available. Category: security (important) Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370 CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967,CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012-5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE-2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567 Sources used: openSUSE 11.4 (src): MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1