Bugzilla – Bug 925399
VUL-0: CVE-2015-0805, CVE-2015-0806: MozillaFirefox: Memory corruption crashes in Off Main Thread Compositing (MFSA 2015-38)
Last modified: 2015-04-08 09:06:24 UTC
Memory corruption crashes in Off Main Thread Compositing Announced: March 31, 2015 Reporter: Abhishek Arya Impact: Critical Products: Firefox Fixed in: Firefox 37 Description Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover two memory corruption crashes during 2D graphics rendering due to problems in Off Main Thread Compositing. These crashes are potentially exploitable. References https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/ https://bugzilla.mozilla.org/show_bug.cgi?id=1135511 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0805 https://bugzilla.mozilla.org/show_bug.cgi?id=1099437 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0806
Update for openSUSE 13.1 and 13.2 is running, assigning openSUSE only bugs back to security team.
merge into parent *** This bug has been marked as a duplicate of bug 925368 ***
openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available. Category: security (important) Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166 CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816 Sources used: openSUSE 13.2 (src): MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1 openSUSE 13.1 (src): MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1