Bugzilla – Bug 875803
VUL-0: MozillaFirefox: 24.5.0esr security release
Last modified: 2014-05-28 16:04:41 UTC
The following security issues were addressed with the latest MozillaFirefox ESR update:
http://www.mozilla.org/security/announce/
http://www.mozilla.org/security/announce/2014/mfsa2014-46.html
    heap-use-after-free in libxul.so!nsHostResolver::ConditionallyRefreshRecord() (CVE-2014-1532)
http://www.mozilla.org/security/announce/2014/mfsa2014-44.html
    ASAN heap-use-after-free in nsGenericHTMLElement::GetWidthHeightForImage (CVE-2014-1531)
http://www.mozilla.org/security/announce/2014/mfsa2014-43.html
    It's possible to set a document's URI to a different document's URI by confusing docshell (CVE-2014-1530)
http://www.mozilla.org/security/announce/2014/mfsa2014-42.html
    Arbitrary code execution from web notifications (CVE-2014-1529)
http://www.mozilla.org/security/announce/2014/mfsa2014-38.html
    Global-buffer-overflow in nsXBLProtoImpl::InstallImplementation (CVE-2014-1524)
http://www.mozilla.org/security/announce/2014/mfsa2014-37.html
    Heap-buffer-overflow in read_u32 (CVE-2014-1523)
http://www.mozilla.org/security/announce/2014/mfsa2014-35.html
    Unsafe temp directory usage in maintenservice_installer.exe lead to possible privilege escalation (CVE-2014-1520)
http://www.mozilla.org/security/announce/2014/mfsa2014-34.html
    Memory safety bugs fixed in Firefox ESR 24.5 and Firefox 29.0 (CVE-2014-1518)
Actually a dup of the latest generic update bug. *** This bug has been marked as a duplicate of bug 875378 ***
The SWAMPID for this issue is 57165. This issue was rated as important. Please submit fixed packages until 2014-05-07. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Affected packages: SLE-11-SP3: MozillaFirefox
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, libfreebl3, libfreebl3-32bit, libfreebl3-64bit, libfreebl3-x86, libsoftokn3, libsoftokn3-32bit, libsoftokn3-64bit, libsoftokn3-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-64bit, mozilla-nss-debuginfo, mozilla-nss-debuginfo-32bit, mozilla-nss-debuginfo-64bit, mozilla-nss-debuginfo-x86, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86
Products:
SLE-DEBUGINFO 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-SDK 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP3 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP3 (i386, x86_64)
SUSE-SU-2014:0638-1: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 865539,869827,875378,875803
CVE References: CVE-2014-1518,CVE-2014-1520,CVE-2014-1523,CVE-2014-1524,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): MozillaFirefox-24.5.0esr-0.8.1, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.8.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): MozillaFirefox-24.5.0esr-0.8.1, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.8.1
SUSE Linux Enterprise Server 11 SP3 (src): MozillaFirefox-24.5.0esr-0.8.1, MozillaFirefox-branding-SLED-24-0.7.36, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.8.1
SUSE Linux Enterprise Desktop 11 SP3 (src): MozillaFirefox-24.5.0esr-0.8.1, MozillaFirefox-branding-SLED-24-0.7.36, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.8.1
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, libfreebl3, mozilla-nss, mozilla-nss-debuginfo, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools
Products:
SLE-DEBUGINFO 11-SP1-TERADATA (x86_64)
SLE-SERVER 11-SP1-TERADATA (x86_64)
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-debugsource, MozillaFirefox-devel, MozillaFirefox-translations, libfreebl3, libfreebl3-32bit, libfreebl3-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-debuginfo-32bit, mozilla-nss-debuginfo-x86, mozilla-nss-debugsource, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, s390x, x86_64)
SLE-SERVER 11-SP2-LTSS (i386, s390x, x86_64)
SUSE-SU-2014:0638-2: An update that fixes 8 vulnerabilities is now available.
Category: security (important)
Bug References: 865539,869827,875378,875803
CVE References: CVE-2014-1518,CVE-2014-1520,CVE-2014-1523,CVE-2014-1524,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): MozillaFirefox-24.5.0esr-0.3.1, MozillaFirefox-branding-SLED-24-0.4.10.14, mozilla-nspr-4.10.4-0.3.1, mozilla-nss-3.16-0.3.1
Update released for: MozillaFirefox, MozillaFirefox-branding-SLED, MozillaFirefox-branding-upstream, MozillaFirefox-debuginfo, MozillaFirefox-devel, MozillaFirefox-translations, firefox-atk, firefox-atk-32bit, firefox-atk-debuginfo, firefox-atk-devel, firefox-atk-devel-32bit, firefox-atk-doc, firefox-atk-lang, firefox-atk-x86, firefox-cairo, firefox-cairo-32bit, firefox-cairo-debuginfo, firefox-cairo-devel, firefox-cairo-doc, firefox-cairo-x86, firefox-fontconfig, firefox-fontconfig-32bit, firefox-fontconfig-debuginfo, firefox-fontconfig-devel, firefox-fontconfig-x86, firefox-freetype2, firefox-freetype2-32bit, firefox-freetype2-debuginfo, firefox-freetype2-devel, firefox-freetype2-x86, firefox-glib2, firefox-glib2-32bit, firefox-glib2-debuginfo, firefox-glib2-devel, firefox-glib2-doc, firefox-glib2-lang, firefox-glib2-x86, firefox-gtk2, firefox-gtk2-32bit, firefox-gtk2-debuginfo, firefox-gtk2-devel, firefox-gtk2-doc, firefox-gtk2-lang, firefox-gtk2-x86, firefox-libgcc_s1, firefox-libstdc++6, firefox-pango, firefox-pango-32bit, firefox-pango-debuginfo, firefox-pango-devel, firefox-pango-doc, firefox-pango-x86, firefox-pcre, firefox-pcre-32bit, firefox-pcre-debuginfo, firefox-pcre-devel, firefox-pcre-x86, firefox-pixman, firefox-pixman-32bit, firefox-pixman-debuginfo, firefox-pixman-devel, firefox-pixman-x86, mozilla-nspr, mozilla-nspr-32bit, mozilla-nspr-debuginfo, mozilla-nspr-devel, mozilla-nspr-x86, mozilla-nss, mozilla-nss-32bit, mozilla-nss-debuginfo, mozilla-nss-devel, mozilla-nss-tools, mozilla-nss-x86, mozilla-xulrunner191, mozilla-xulrunner191-32bit, mozilla-xulrunner191-debuginfo, mozilla-xulrunner191-devel, mozilla-xulrunner191-gnomevfs, mozilla-xulrunner191-gnomevfs-32bit, mozilla-xulrunner191-gnomevfs-x86, mozilla-xulrunner191-translations, mozilla-xulrunner191-translations-32bit, mozilla-xulrunner191-translations-x86, mozilla-xulrunner191-x86, mozilla-xulrunner192, mozilla-xulrunner192-32bit, mozilla-xulrunner192-debuginfo, mozilla-xulrunner192-devel, mozilla-xulrunner192-gnome, mozilla-xulrunner192-gnome-32bit, mozilla-xulrunner192-gnome-x86, mozilla-xulrunner192-translations, mozilla-xulrunner192-translations-32bit, mozilla-xulrunner192-translations-x86, mozilla-xulrunner192-x86, python-xpcom191
Products:
SLE-DEBUGINFO 10-SP3-TERADATA (x86_64)
SLE-SERVER 10-SP3-TERADATA (x86_64)