Bug 900941 - (CVE-2014-1575) VUL-0: MozillaFirefox 33 security release
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Major
Assigned To: Petr Cerny
Security Team bot
Reported: 2014-10-13 14:24 UTC by Petr Cerny
Modified: 2020-04-05 18:18 UTC (History)
Description Petr Cerny 2014-10-13 14:24:16 UTC
Planned release date is 2014-10-14

Firefox/Thunderbird/XULRunner 33
Firefox/Thunderbird/XULRunner 31.2.0 ESR
Seamonkey 2.30
Comment 1 Wolfgang Rosenauer 2014-10-13 21:54:40 UTC
openSUSE will get the following updates:
mozilla-nspr 4.10.7
mozilla-nss 3.17.1
MozillaFirefox 33.0
MozillaThunderbird 31.2.0
Seamonkey 2.30
for all supported distributions
Comment 2 Swamp Workflow Management 2014-10-13 22:00:52 UTC
bugbot adjusting priority
Comment 4 Bernhard Wiedemann 2014-10-14 18:00:26 UTC
This is an autogenerated message for OBS integration:
This bug (900941) was mentioned in
https://build.opensuse.org/request/show/256323 Factory / MozillaFirefox
https://build.opensuse.org/request/show/256324 13.1 / MozillaFirefox
Comment 5 Bernhard Wiedemann 2014-10-14 19:00:14 UTC
This is an autogenerated message for OBS integration:
This bug (900941) was mentioned in
https://build.opensuse.org/request/show/256325 12.3 / MozillaFirefox
https://build.opensuse.org/request/show/256328 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/256332 13.1 / MozillaThunderbird
https://build.opensuse.org/request/show/256333 12.3 / MozillaThunderbird
Comment 6 Bernhard Wiedemann 2014-10-15 06:00:49 UTC
This is an autogenerated message for OBS integration:
This bug (900941) was mentioned in
https://build.opensuse.org/request/show/256558 Factory / MozillaThunderbird
Comment 7 Victor Pereira 2014-10-15 08:48:56 UTC
The following issues were fixed in this security release:

CVE-2014-1583: MFSA 2014-82 Accessing cross-origin objects via the Alarms API: https://www.mozilla.org/security/announce/2014/mfsa2014-82.html

CVE-2014-1585 and CVE-2014-1586: MFSA 2014-81 Inconsistent video sharing within iframe: https://www.mozilla.org/security/announce/2014/mfsa2014-81.html

CVE-2014-1582 and CVE-2014-1584: MFSA 2014-80 Key pinning bypasses: https://www.mozilla.org/security/announce/2014/mfsa2014-80.html

CVE-2014-1581: MFSA 2014-79 Use-after-free interacting with text directionality: https://www.mozilla.org/security/announce/2014/mfsa2014-79.html

CVE-2014-1580: MFSA 2014-78 Further uninitialized memory use during GIF: https://www.mozilla.org/security/announce/2014/mfsa2014-78.html

CVE-2014-1578: MFSA 2014-77 Out-of-bounds write with WebM video: https://www.mozilla.org/security/announce/2014/mfsa2014-77.html

CVE-2014-1577: MFSA 2014-76 Web Audio memory corruption issues with custom waveforms: https://www.mozilla.org/security/announce/2014/mfsa2014-76.html

CVE-2014-1576: MFSA 2014-75 Buffer overflow during CSS manipulation: https://www.mozilla.org/security/announce/2014/mfsa2014-75.html

CVE-2014-1575: MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2): https://www.mozilla.org/security/announce/2014/mfsa2014-74.html


reference: https://www.mozilla.org/security/announce/
Comment 9 Bernhard Wiedemann 2014-10-16 07:00:44 UTC
This is an autogenerated message for OBS integration:
This bug (900941) was mentioned in
https://build.opensuse.org/request/show/256811 12.3 / seamonkey
https://build.opensuse.org/request/show/256812 13.1 / seamonkey
https://build.opensuse.org/request/show/256813 Factory / seamonkey
Comment 11 Swamp Workflow Management 2014-10-22 07:57:10 UTC
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2014-10-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59462
Comment 15 Juston Mortenson 2014-10-28 16:07:03 UTC
My partner ran a security scan on their SLES 11 SP1 system and it showed the vulnerabilities listed in comment 7 plus "CVE-2014-1574" that I don't see listed here.  
Does CVE-2014-1574 need to be included in this bug?
What is the ETA for having a fix for SLES 11 SP1?
There is nothing listed on http://support.novell.com/security/cve/ for these vulnerabilities; can we please update this webpage?
Comment 17 Swamp Workflow Management 2014-11-02 12:04:54 UTC
openSUSE-SU-2014:1343-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 900941
CVE References: CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586
Sources used:
openSUSE 12.3 (src):    MozillaThunderbird-31.2.0-61.63.1
Comment 18 Swamp Workflow Management 2014-11-02 12:05:45 UTC
openSUSE-SU-2014:1344-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 894370,896624,897890,900941,901213
CVE References: CVE-2014-1554,CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1580,CVE-2014-1581,CVE-2014-1582,CVE-2014-1583,CVE-2014-1584,CVE-2014-1585,CVE-2014-1586
Sources used:
openSUSE 12.3 (src):    MozillaFirefox-33.0-1.90.1, mozilla-nspr-4.10.7-1.34.1, mozilla-nss-3.17.1-1.59.1, seamonkey-2.30-1.61.1
Comment 19 Swamp Workflow Management 2014-11-02 12:06:45 UTC
openSUSE-SU-2014:1345-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 894370,896624,897890,900941,901213
CVE References: CVE-2014-1554,CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1580,CVE-2014-1581,CVE-2014-1582,CVE-2014-1583,CVE-2014-1584,CVE-2014-1585,CVE-2014-1586
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-33.0-46.2, mozilla-nspr-4.10.7-16.1, mozilla-nss-3.17.1-43.1, seamonkey-2.30-36.2
Comment 20 Swamp Workflow Management 2014-11-02 12:07:11 UTC
openSUSE-SU-2014:1346-1: An update that fixes 7 vulnerabilities is now available.

Category: security (moderate)
Bug References: 900941
CVE References: CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586
Sources used:
openSUSE 13.1 (src):    MozillaThunderbird-31.2.0-70.35.2
Comment 32 Swamp Workflow Management 2014-11-10 23:04:56 UTC
SUSE-SU-2014:1385-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 900941
CVE References: CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1583,CVE-2014-1585,CVE-2014-1586
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.2.0esr-0.14.2, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.8.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.2.0esr-0.14.2, MozillaFirefox-branding-SLES-for-VMware-31.0-0.3.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.8.1
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.2.0esr-0.14.2, MozillaFirefox-branding-SLED-31.0-0.8.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.8.1
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    MozillaFirefox-31.2.0esr-0.9.1, MozillaFirefox-branding-SLED-31.0-0.3.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.3.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.2.0esr-0.14.2, MozillaFirefox-branding-SLED-31.0-0.8.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.8.1
Comment 35 Swamp Workflow Management 2014-11-20 00:05:01 UTC
SUSE-SU-2014:1458-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 900941,905056,905528
CVE References: CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1583,CVE-2014-1585,CVE-2014-1586
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.2.0esr-0.16.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.8.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.2.0esr-0.16.1, MozillaFirefox-branding-SLES-for-VMware-31.0-0.5.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.8.1
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.2.0esr-0.16.1, MozillaFirefox-branding-SLED-31.0-0.10.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.8.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    MozillaFirefox-31.2.0esr-0.11.11.1, MozillaFirefox-branding-SLED-31.0-0.5.5.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.3.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.2.0esr-0.16.1, MozillaFirefox-branding-SLED-31.0-0.10.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.8.1
Comment 36 Swamp Workflow Management 2014-11-21 18:05:12 UTC
SUSE-SU-2014:1458-2: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 900941,905056,905528
CVE References: CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1583,CVE-2014-1585,CVE-2014-1586
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    MozillaFirefox-31.2.0esr-0.11.11.1, MozillaFirefox-branding-SLED-31.0-0.5.5.1, mozilla-nspr-4.10.7-0.3.3, mozilla-nss-3.17.2-0.3.1
Comment 37 Swamp Workflow Management 2014-11-24 18:05:45 UTC
SUSE-SU-2014:1458-3: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 900941,905056,905528
CVE References: CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1583,CVE-2014-1585,CVE-2014-1586
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    MozillaFirefox-31.2.0esr-0.11.1, MozillaFirefox-branding-SLED-31.0-0.7.1, mozilla-nspr-4.10.7-0.5.4, mozilla-nss-3.17.2-0.5.1
Comment 38 Swamp Workflow Management 2014-11-27 09:05:15 UTC
SUSE-SU-2014:1510-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 897890,900941
CVE References: CVE-2014-1568,CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1583,CVE-2014-1585,CVE-2014-1586
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-31.2.0esr-6.4, mozilla-nss-3.17.2-8.2
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-31.2.0esr-6.4, MozillaFirefox-branding-SLE-31-4.1, mozilla-nss-3.17.2-8.2
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-31.2.0esr-6.4, MozillaFirefox-branding-SLE-31-4.1, mozilla-nss-3.17.2-8.2
Comment 39 Victor Pereira 2014-11-27 16:39:55 UTC
already released.
Comment 40 Bernhard Wiedemann 2014-12-04 16:00:40 UTC
This is an autogenerated message for OBS integration:
This bug (900941) was mentioned in
https://build.opensuse.org/request/show/264047 13.2 / seamonkey
Comment 41 Swamp Workflow Management 2014-12-17 15:05:48 UTC
openSUSE-SU-2014:1655-1: An update that fixes 20 vulnerabilities is now available.

Category: security (moderate)
Bug References: 894370,900639,900941,908009
CVE References: CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1580,CVE-2014-1581,CVE-2014-1582,CVE-2014-1583,CVE-2014-1584,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1588,CVE-2014-1589,CVE-2014-1590,CVE-2014-1591,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594
Sources used:
openSUSE 13.2 (src):    seamonkey-2.31-4.2
Comment 42 Swamp Workflow Management 2015-01-25 15:06:01 UTC
openSUSE-SU-2015:0138-1: An update that fixes 74 vulnerabilities is now available.

Category: security (important)
Bug References: 876833,894370,900639,900941,908009,910669
CVE References: 2013-5611,2013-5612,2013-5614,2013-5619,2013-6672,2014-1480,2014-1483,2014-1484,2014-1485,2014-1488,2014-1489,2014-1492,2014-1498,2014-1499,2014-1500,2014-1502,2014-1504,2014-1519,2014-1522,2014-1525,2014-1526,2014-1528,2014-1539,2014-1540,2014-1542,2014-1543,2014-1549,2014-1550,2014-1552,2014-1553,2014-1558,2014-1559,2014-1560,2014-1561,2014-1563,2014-1564,2014-1565,2014-1574,2014-1576,2014-1577,2014-1578,2014-1581,2014-1583,2014-1585,2014-1586,2014-1587,2014-1590,2014-1592,2014-1593,2014-1594,2014-8634,2014-8635,2014-8638,2014-8639,2014-8641,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1569,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594
Sources used:
openSUSE Evergreen 11.4 (src):    MozillaFirefox-31.4.0-133.1, mozilla-nspr-4.10.7-49.1, mozilla-nss-3.17.3-104.1
Comment 43 Swamp Workflow Management 2015-07-18 17:08:27 UTC
openSUSE-SU-2015:1266-1: An update that fixes 52 vulnerabilities is now available.

Category: security (important)
Bug References: 894370,900639,900941,908009,910669,917597,925368,930622,935979
CVE References: CVE-2011-3079,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594,CVE-2014-8634,CVE-2014-8635,CVE-2014-8638,CVE-2014-8639,CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0815,CVE-2015-0816,CVE-2015-0822,CVE-2015-0827,CVE-2015-0831,CVE-2015-0833,CVE-2015-0836,CVE-2015-2708,CVE-2015-2710,CVE-2015-2713,CVE-2015-2716,CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000
Sources used:
openSUSE Evergreen 11.4 (src):    MozillaFirefox-31.8.0-143.1, MozillaThunderbird-31.8.0-110.1, mozilla-nspr-4.10.8-52.1, mozilla-nss-3.19.2-107.1