Bug 925368 – VUL-0: MozillaFirefox: 37 release, 31.6ESR release

Bug 925368 - VUL-0: MozillaFirefox: 37 release, 31.6ESR release


Summary:	VUL-0: MozillaFirefox: 37 release, 31.6ESR release

Status:	RESOLVED FIXED
Duplicates:	CVE-2015-0814 CVE-2015-0813 CVE-2015-0812 CVE-2015-0816 CVE-2015-0811 CVE-2015-0808 CVE-2015-0807 CVE-2015-0805 CVE-2015-0803 CVE-2015-0801 CVE-2015-0802 (view as bug list)

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Petr Cerny
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle11-sp3:61419 maint...
Keywords:

Depends on:	CVE-2015-0814 CVE-2015-0813 CVE-2015-0812 CVE-2015-0816 CVE-2015-0811 CVE-2015-0808 CVE-2015-0807 CVE-2015-0805 CVE-2015-0803 CVE-2015-0801 CVE-2015-0802 CVE-2015-0799
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-04-01 08:33 UTC by Marcus Meissner
Modified:	2020-04-05 18:19 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-04-01 08:33:39 UTC

released yesterday, 

https://www.mozilla.org/en-US/security/advisories/

Comment 1 Bernhard Wiedemann 2015-04-01 12:00:35 UTC

This is an autogenerated message for OBS integration:
This bug (925368) was mentioned in
https://build.opensuse.org/request/show/293906 Factory / MozillaFirefox
https://build.opensuse.org/request/show/293907 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/293908 13.1 / MozillaFirefox
https://build.opensuse.org/request/show/293911 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/293912 13.2 / MozillaThunderbird
https://build.opensuse.org/request/show/293913 13.1 / MozillaThunderbird
https://build.opensuse.org/request/show/293915 Factory / xulrunner

Comment 2 Swamp Workflow Management 2015-04-01 13:07:50 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2015-04-15.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/61408

Comment 3 Swamp Workflow Management 2015-04-01 22:00:14 UTC

bugbot adjusting priority

Comment 4 Andreas Stieger 2015-04-02 08:43:48 UTC

*** Bug 925398 has been marked as a duplicate of this bug. ***

Comment 5 Andreas Stieger 2015-04-02 08:43:50 UTC

*** Bug 925392 has been marked as a duplicate of this bug. ***

Comment 6 Andreas Stieger 2015-04-02 08:43:53 UTC

*** Bug 925393 has been marked as a duplicate of this bug. ***

Comment 7 Andreas Stieger 2015-04-02 08:43:55 UTC

*** Bug 925395 has been marked as a duplicate of this bug. ***

Comment 8 Andreas Stieger 2015-04-02 08:43:56 UTC

*** Bug 925401 has been marked as a duplicate of this bug. ***

Comment 9 Andreas Stieger 2015-04-02 08:43:59 UTC

*** Bug 925399 has been marked as a duplicate of this bug. ***

Comment 10 Andreas Stieger 2015-04-02 08:44:00 UTC

*** Bug 925400 has been marked as a duplicate of this bug. ***

Comment 11 Andreas Stieger 2015-04-02 08:44:03 UTC

*** Bug 925394 has been marked as a duplicate of this bug. ***

Comment 12 Andreas Stieger 2015-04-02 08:44:05 UTC

*** Bug 925396 has been marked as a duplicate of this bug. ***

Comment 13 Andreas Stieger 2015-04-02 08:44:06 UTC

*** Bug 925402 has been marked as a duplicate of this bug. ***

Comment 14 Andreas Stieger 2015-04-02 08:44:09 UTC

*** Bug 925397 has been marked as a duplicate of this bug. ***

Comment 15 Andreas Stieger 2015-04-02 08:45:18 UTC

bug 925398	VUL-0: CVE-2015-0807: MozillaFirefox: CORS requests should not follow 30x redirections after preflight (MFSA 2015-37)
bug 925392	VUL-0: CVE-2015-0814,CVE-2015-0815: MozillaFirefox,MozillaThunderbird: Miscellaneous memory safety hazards (MFSA 2015-30)
bug 925393	VUL-0: CVE-2015-0813: MozillaFirefox,MozillaThunderbird: Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31)
bug 925401	VUL-0: CVE-2015-0801: MozillaFirefox,MozillaThunderbird: Same-origin bypass through anchor navigation (MFSA 2015-40)
bug 925395	VUL-0: CVE-2015-0816: MozillaFirefox,MozillaThunderbird: resource:// documents can load privileged pages (MFSA 2015-33)
bug 925399	VUL-0: CVE-2015-0805, CVE-2015-0806: MozillaFirefox: Memory corruption crashes in Off Main Thread Compositing (MFSA 2015-38)
bug 925400	VUL-0: CVE-2015-0803, CVE-2015-0804: MozillaFirefox: Use-after-free due to type confusion flaws (MFSA 2015-39)
bug 925402	VUL-0: CVE-2015-0802: MozillaFirefox: Windows can retain access to privileged content on navigation to unprivileged pages (MFSA 2015-42)
bug 925394	VUL-0: CVE-2015-0812: MozillaFirefox: Add-on lightweight theme installation approval bypassed through MITM attack (MFSA 2015-32)
bug 925396	VUL-0: CVE-2015-0811: MozillaFirefox: Out of bounds read in QCMS library (MFSA 2015-34)
bug 925397	VUL-1: CVE-2015-0808: MozillaFirefox: Incorrect memory management for simple-type arrays in WebRTC (MFSA 2015-36)

Comment 16 Bernhard Wiedemann 2015-04-07 11:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (925368) was mentioned in
https://build.opensuse.org/request/show/294723 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/294724 13.1 / MozillaFirefox

Comment 17 Swamp Workflow Management 2015-04-08 09:04:59 UTC

openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166
CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
openSUSE 13.2 (src):    MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1
openSUSE 13.1 (src):    MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1

Comment 18 Swamp Workflow Management 2015-04-10 15:05:06 UTC

SUSE-SU-2015:0704-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 925368
CVE References: CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-31.6.0esr-30.1
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-31.6.0esr-30.1

Comment 19 Swamp Workflow Management 2015-04-10 16:04:54 UTC

SUSE-SU-2015:0704-2: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 925368
CVE References: CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-31.6.0esr-30.1

Comment 20 Swamp Workflow Management 2015-04-11 04:05:01 UTC

SUSE-SU-2015:0706-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 925368
CVE References: CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0814,CVE-2015-0816
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.6.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.6.0esr-0.8.1
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.6.0esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.6.0esr-0.8.1

Comment 21 Andreas Stieger 2015-04-13 09:20:24 UTC

all released

Comment 22 Bernhard Wiedemann 2015-05-15 21:00:10 UTC

This is an autogenerated message for OBS integration:
This bug (925368) was mentioned in
https://build.opensuse.org/request/show/307399 Evergreen:11.4 / MozillaFirefox

Comment 23 Swamp Workflow Management 2015-05-18 11:05:02 UTC

openSUSE-SU-2015:0892-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,930622
CVE References: CVE-2011-3079,CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0815,CVE-2015-0816,CVE-2015-2708,CVE-2015-2710,CVE-2015-2713,CVE-2015-2716
Sources used:
openSUSE Evergreen 11.4 (src):    MozillaFirefox-31.7.0-140.1

Comment 24 Swamp Workflow Management 2015-07-18 17:09:20 UTC

openSUSE-SU-2015:1266-1: An update that fixes 52 vulnerabilities is now available.

Category: security (important)
Bug References: 894370,900639,900941,908009,910669,917597,925368,930622,935979
CVE References: CVE-2011-3079,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594,CVE-2014-8634,CVE-2014-8635,CVE-2014-8638,CVE-2014-8639,CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0815,CVE-2015-0816,CVE-2015-0822,CVE-2015-0827,CVE-2015-0831,CVE-2015-0833,CVE-2015-0836,CVE-2015-2708,CVE-2015-2710,CVE-2015-2713,CVE-2015-2716,CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000
Sources used:
openSUSE Evergreen 11.4 (src):    MozillaFirefox-31.8.0-143.1, MozillaThunderbird-31.8.0-110.1, mozilla-nspr-4.10.8-52.1, mozilla-nss-3.19.2-107.1