Bugzilla – Bug 908009
VUL-0: MozillaFirefox: Firefox 34/Firefox ESR 31.3/Thunderbird 31.3
Last modified: 2020-04-05 18:18:42 UTC
New Firefox, Firefox ESR and Thunderbird releases are available. December 2, 2014 https://www.mozilla.org/en-US/security/advisories/ Firefox 34 CVE-2014-1587: https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/ CVE-2014-1588: https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/ CVE-2014-1589: https://www.mozilla.org/en-US/security/advisories/mfsa2014-84/ CVE-2014-1590: https://www.mozilla.org/en-US/security/advisories/mfsa2014-85/ CVE-2014-1591: https://www.mozilla.org/en-US/security/advisories/mfsa2014-86/ CVE-2014-1592: https://www.mozilla.org/en-US/security/advisories/mfsa2014-87/ CVE-2014-1593: https://www.mozilla.org/en-US/security/advisories/mfsa2014-88/ CVE-2014-1594: https://www.mozilla.org/en-US/security/advisories/mfsa2014-89/ CVE-2014-1595: https://www.mozilla.org/en-US/security/advisories/mfsa2014-90/ Firefox ESR 31.3 CVE-2014-1587: https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/ CVE-2014-1588: https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/ CVE-2014-1590: https://www.mozilla.org/en-US/security/advisories/mfsa2014-85/ CVE-2014-1592: https://www.mozilla.org/en-US/security/advisories/mfsa2014-87/ CVE-2014-1593: https://www.mozilla.org/en-US/security/advisories/mfsa2014-88/ CVE-2014-1594: https://www.mozilla.org/en-US/security/advisories/mfsa2014-89/ CVE-2014-1595: https://www.mozilla.org/en-US/security/advisories/mfsa2014-90/ Thunderbird 31.3 CVE-2014-1587: https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/ CVE-2014-1588: https://www.mozilla.org/en-US/security/advisories/mfsa2014-83/ CVE-2014-1590: https://www.mozilla.org/en-US/security/advisories/mfsa2014-85/ CVE-2014-1592: https://www.mozilla.org/en-US/security/advisories/mfsa2014-87/ CVE-2014-1593: https://www.mozilla.org/en-US/security/advisories/mfsa2014-88/ CVE-2014-1594: https://www.mozilla.org/en-US/security/advisories/mfsa2014-89/ CVE-2014-1595: https://www.mozilla.org/en-US/security/advisories/mfsa2014-90/
I'll submit for openSUSE tomorrow (or tonight). There is a bit of confusion though since upstream provides a version 34.0.5 including the recently announced search provider changes but only for north america. I've prepared the version 34.0 which does not contain these changes. Now upgrading to 34.0.5 for consistency with upstream.
bugbot adjusting priority
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-12-10. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/59895
This is an autogenerated message for OBS integration: This bug (908009) was mentioned in https://build.opensuse.org/request/show/263819 Factory / MozillaFirefox https://build.opensuse.org/request/show/263820 13.2 / MozillaFirefox https://build.opensuse.org/request/show/263821 13.1 / MozillaFirefox https://build.opensuse.org/request/show/263822 12.3 / MozillaFirefox https://build.opensuse.org/request/show/263823 Factory / MozillaThunderbird https://build.opensuse.org/request/show/263824 13.2 / MozillaThunderbird https://build.opensuse.org/request/show/263825 13.1 / MozillaThunderbird https://build.opensuse.org/request/show/263826 12.3 / MozillaThunderbird https://build.opensuse.org/request/show/263827 Factory / xulrunner
Seamonkey will follow a bit later. In addition to the above I had to submit a newer bugfix version of mozilla-nss which is a minimal requirement for Firefox 34
This is an autogenerated message for OBS integration: This bug (908009) was mentioned in https://build.opensuse.org/request/show/264046 Factory / seamonkey https://build.opensuse.org/request/show/264047 13.2 / seamonkey https://build.opensuse.org/request/show/264048 13.1 / seamonkey https://build.opensuse.org/request/show/264050 12.3 / seamonkey
Firefox 34 fixed also the following two CVEs: CVE-2014-8631: https://www.mozilla.org/en-US/security/advisories/mfsa2014-91/ CVE-2014-8632: https://www.mozilla.org/en-US/security/advisories/mfsa2014-91/
openSUSE-SU-2014:1581-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 900639,908009 CVE References: CVE-2014-1587,CVE-2014-1588,CVE-2014-1589,CVE-2014-1590,CVE-2014-1591,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594 Sources used: openSUSE 13.2 (src): MozillaFirefox-34.0.5-5.4, mozilla-nspr-4.10.7-3.1, mozilla-nss-3.17.2-4.2 openSUSE 13.1 (src): MozillaFirefox-34.0.5-50.3, mozilla-nspr-4.10.7-19.1, mozilla-nss-3.17.2-47.2 openSUSE 12.3 (src): MozillaFirefox-34.0.5-1.94.3, mozilla-nspr-4.10.7-1.37.1, mozilla-nss-3.17.2-1.63.2
SUSE-SU-2014:1624-1: An update that fixes 9 vulnerabilities is now available. Category: security (important) Bug References: 908009 CVE References: CVE-2014-1587,CVE-2014-1588,CVE-2014-1589,CVE-2014-1590,CVE-2014-1591,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594,CVE-2014-1595 Sources used: SUSE Linux Enterprise Software Development Kit 11 SP3 (src): MozillaFirefox-31.3.0esr-0.8.1 SUSE Linux Enterprise Server 11 SP3 for VMware (src): MozillaFirefox-31.3.0esr-0.8.1 SUSE Linux Enterprise Server 11 SP3 (src): MozillaFirefox-31.3.0esr-0.8.1 SUSE Linux Enterprise Server 11 SP2 LTSS (src): MozillaFirefox-31.3.0esr-0.3.1 SUSE Linux Enterprise Server 11 SP1 LTSS (src): MozillaFirefox-31.3.0esr-0.3.1 SUSE Linux Enterprise Server 10 SP4 LTSS (src): MozillaFirefox-31.3.0esr-0.5.1 SUSE Linux Enterprise Desktop 11 SP3 (src): MozillaFirefox-31.3.0esr-0.8.1
openSUSE-SU-2014:1654-1: An update that fixes 5 vulnerabilities is now available. Category: security (moderate) Bug References: 900639,908009 CVE References: CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594 Sources used: openSUSE 13.2 (src): MozillaThunderbird-31.3.0-4.4 openSUSE 13.1 (src): MozillaThunderbird-31.3.0-70.39.3 openSUSE 12.3 (src): MozillaThunderbird-31.3.0-61.67.3
openSUSE-SU-2014:1655-1: An update that fixes 20 vulnerabilities is now available. Category: security (moderate) Bug References: 894370,900639,900941,908009 CVE References: CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1580,CVE-2014-1581,CVE-2014-1582,CVE-2014-1583,CVE-2014-1584,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1588,CVE-2014-1589,CVE-2014-1590,CVE-2014-1591,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594 Sources used: openSUSE 13.2 (src): seamonkey-2.31-4.2
openSUSE-SU-2014:1656-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 900639,908009 CVE References: CVE-2014-1587,CVE-2014-1588,CVE-2014-1589,CVE-2014-1590,CVE-2014-1591,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594 Sources used: openSUSE 13.1 (src): seamonkey-2.31-40.2 openSUSE 12.3 (src): seamonkey-2.31-1.65.2
openSUSE-SU-2015:0138-1: An update that fixes 74 vulnerabilities is now available. Category: security (important) Bug References: 876833,894370,900639,900941,908009,910669 CVE References: 2013-5611,2013-5612,2013-5614,2013-5619,2013-6672,2014-1480,2014-1483,2014-1484,2014-1485,2014-1488,2014-1489,2014-1492,2014-1498,2014-1499,2014-1500,2014-1502,2014-1504,2014-1519,2014-1522,2014-1525,2014-1526,2014-1528,2014-1539,2014-1540,2014-1542,2014-1543,2014-1549,2014-1550,2014-1552,2014-1553,2014-1558,2014-1559,2014-1560,2014-1561,2014-1563,2014-1564,2014-1565,2014-1574,2014-1576,2014-1577,2014-1578,2014-1581,2014-1583,2014-1585,2014-1586,2014-1587,2014-1590,2014-1592,2014-1593,2014-1594,2014-8634,2014-8635,2014-8638,2014-8639,2014-8641,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1569,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594 Sources used: openSUSE Evergreen 11.4 (src): MozillaFirefox-31.4.0-133.1, mozilla-nspr-4.10.7-49.1, mozilla-nss-3.17.3-104.1
released
This is an autogenerated message for OBS integration: This bug (908009) was mentioned in https://build.opensuse.org/request/show/292324 Evergreen:11.4 / MozillaThunderbird
openSUSE-SU-2015:1266-1: An update that fixes 52 vulnerabilities is now available. Category: security (important) Bug References: 894370,900639,900941,908009,910669,917597,925368,930622,935979 CVE References: CVE-2011-3079,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594,CVE-2014-8634,CVE-2014-8635,CVE-2014-8638,CVE-2014-8639,CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0815,CVE-2015-0816,CVE-2015-0822,CVE-2015-0827,CVE-2015-0831,CVE-2015-0833,CVE-2015-0836,CVE-2015-2708,CVE-2015-2710,CVE-2015-2713,CVE-2015-2716,CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000 Sources used: openSUSE Evergreen 11.4 (src): MozillaFirefox-31.8.0-143.1, MozillaThunderbird-31.8.0-110.1, mozilla-nspr-4.10.8-52.1, mozilla-nss-3.19.2-107.1