Bugzilla – Bug 925396
VUL-0: CVE-2015-0811: MozillaFirefox: Out of bounds read in QCMS library (MFSA 2015-34)
Last modified: 2015-04-08 09:05:51 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/

Out of bounds read in QCMS library

Announced: March 31, 2015
Reporter: Felix Gröbert
Impact: Moderate
Products: Firefox
Fixed in: Firefox 37

Description

Security researcher Felix Gröbert of Google used the Address Sanitizer tool to discover an out of bounds read in the QCMS color management library while transforming images with certain parameters. This could lead to information disclosure.

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/
https://bugzilla.mozilla.org/show_bug.cgi?id=1132468
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0811
Update for openSUSE 13.1 and 13.2 is running, assigning openSUSE only bugs back to security team.
merge into parent

*** This bug has been marked as a duplicate of bug 925368 ***
openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166
CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
openSUSE 13.2 (src): MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1
openSUSE 13.1 (src): MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1