Bug 925400 - (CVE-2015-0803) VUL-0: CVE-2015-0803, CVE-2015-0804: MozillaFirefox: Use-after-free due to type confusion flaws (MFSA 2015-39)
(CVE-2015-0803)
VUL-0: CVE-2015-0803, CVE-2015-0804: MozillaFirefox: Use-after-free due to ty...
Status: RESOLVED DUPLICATE of bug 925368
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 13.2
: P5 - None : Critical
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks: 925368
  Show dependency treegraph
 
Reported: 2015-04-01 10:33 UTC by Andreas Stieger
Modified: 2015-04-08 09:06 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-04-01 10:33:13 UTC
Use-after-free due to type confusion flaws

Announced:     March 31, 2015
Reporter:     Nils
Impact:     Critical
Products:     Firefox
Fixed in:
        Firefox 37

Description

Security researcher Nils used the Address Sanitizer tool to discover two type confusion flaws. The first of these occurs while setting specific attributes of a source element resulting in incorrect object casting. The second flaw occurs when binding a source to a tree when the function fails to validate the namespace. These flaws lead to use-after-free errors, resulting in potentially exploitable crashes.

References:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
https://bugzilla.mozilla.org/show_bug.cgi?id=1134561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0803
https://bugzilla.mozilla.org/show_bug.cgi?id=1134560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0804
Comment 1 Andreas Stieger 2015-04-01 15:04:51 UTC
Update for openSUSE 13.1 and 13.2 is running, assigning openSUSE only bugs back to security team.
Comment 2 Andreas Stieger 2015-04-02 08:44:00 UTC
merge into parent

*** This bug has been marked as a duplicate of bug 925368 ***
Comment 3 Swamp Workflow Management 2015-04-08 09:06:33 UTC
openSUSE-SU-2015:0677-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 925368,925392,925393,925394,925395,925396,925397,925398,925399,925400,925401,925402,926166
CVE References: CVE-2015-0799,CVE-2015-0801,CVE-2015-0802,CVE-2015-0803,CVE-2015-0804,CVE-2015-0805,CVE-2015-0806,CVE-2015-0807,CVE-2015-0808,CVE-2015-0811,CVE-2015-0812,CVE-2015-0813,CVE-2015-0814,CVE-2015-0815,CVE-2015-0816
Sources used:
openSUSE 13.2 (src):    MozillaFirefox-37.0.1-23.1, MozillaThunderbird-31.6.0-15.3, mozilla-nspr-4.10.8-6.1
openSUSE 13.1 (src):    MozillaFirefox-37.0.1-68.1, MozillaThunderbird-31.6.0-70.50.2, mozilla-nspr-4.10.8-22.1