Bugzilla – Bug 935979
VUL-0: MozillaFirefox 39 security release
Last modified: 2020-04-05 18:19:22 UTC
Planned release date is 2015-06-24
  Firefox/Thunderbird/XULRunner 39
  Firefox/Thunderbird/XULRunner 31.8.0 ESR
  Firefox/Thunderbird/XULRunner 38.0.2 ESR
  Seamonkey 2.36 (tentative)
Release apparently delayed upstream. Currently waiting for a confirmed final release. Sidenote: Firefox 39.0 will require NSS 3.19.2 which itself contains the fixes for logjam. Update will be submitted alongside for openSUSE.
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-07-02. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62110
Fixed in Mozilla Firefox ESR 31.8:
  CVE-2015-2724: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2728: Type confusion in Indexed Database Manager (MFSA-2015-61)
  CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (MFSA-2015-64)
  CVE-2015-2722: Use-after-free in workers while using XMLHttpRequest (MFSA-2015-65)
  CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest with dedicated worker (MFSA-2015-65)
  CVE-2015-2734: CairoTextureClientD3D9::BorrowDrawTarget using uninitialized memory (MFSA-2015-66)
  CVE-2015-2735: Memory safety bug due to bad test in nsZipArchive.cpp (MFSA-2015-66)
  CVE-2015-2736: nsZipArchive::BuildFileList has memory-safety bug (MFSA-2015-66)
  CVE-2015-2737: rx::d3d11::SetBufferData using uninitialized memory (MFSA-2015-66)
  CVE-2015-2738: YCbCrImageDataDeserializer::ToDataSourceSurface using uninitialized memory (MFSA-2015-66)
  CVE-2015-2739: Memory safety problem in ArrayBufferBuilder::append (MFSA-2015-66)
  CVE-2015-2740: Overflow in nsXMLHttpRequest::AppendToResponseText causes memory-safety bug (MFSA-2015-66)
  CVE-2015-2743: Privilege escalation in PDF.js (MFSA-2015-69)
  CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (MFSA-2015-70)
  CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (MFSA-2015-71)
Fixed in Mozilla Firefox (ESR 38.1, 39):
  CVE-2015-2724: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2725: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2726: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs (MFSA-2015-60)
  CVE-2015-2728: Type confusion in Indexed Database Manager (MFSA-2015-61)
  CVE-2015-2729: Out-of-bound read while computing an oscillator rendering range in Web Audio (MFSA-2015-62)
  CVE-2015-2731: Use-after-free in Content Policy due to microtask execution error (MFSA-2015-63)
  CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (MFSA-2015-64)
  CVE-2015-2722: Use-after-free in workers while using XMLHttpRequest (MFSA-2015-65)
  CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest with dedicated worker (MFSA-2015-65)
  CVE-2015-2734: CairoTextureClientD3D9::BorrowDrawTarget using uninitialized memory (MFSA-2015-66)
  CVE-2015-2735: Memory safety bug due to bad test in nsZipArchive.cpp (MFSA-2015-66)
  CVE-2015-2736: nsZipArchive::BuildFileList has memory-safety bug (MFSA-2015-66)
  CVE-2015-2737: rx::d3d11::SetBufferData using uninitialized memory (MFSA-2015-66)
  CVE-2015-2738: YCbCrImageDataDeserializer::ToDataSourceSurface using uninitialized memory (MFSA-2015-66)
  CVE-2015-2739: Memory safety problem in ArrayBufferBuilder::append (MFSA-2015-66)
  CVE-2015-2740: Overflow in nsXMLHttpRequest::AppendToResponseText causes memory-safety bug (MFSA-2015-66)
  CVE-2015-2741: Key pinning is ignored when overridable errors are encountered (MFSA-2015-67)
  CVE-2015-2743: Privilege escalation in PDF.js (MFSA-2015-69)
  CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (MFSA-2015-70)
  CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (MFSA-2015-71)
Fixed in Mozilla Thunderbird 38.1:
  CVE-2015-2724: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2725: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2726: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2731: Use-after-free in Content Policy due to microtask execution error (MFSA-2015-63)
  CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (MFSA-2015-64)
  CVE-2015-2722: Use-after-free in workers while using XMLHttpRequest (MFSA-2015-65)
  CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest with dedicated worker (MFSA-2015-65)
  CVE-2015-2734: CairoTextureClientD3D9::BorrowDrawTarget using uninitialized memory (MFSA-2015-66)
  CVE-2015-2735: Memory safety bug due to bad test in nsZipArchive.cpp (MFSA-2015-66)
  CVE-2015-2736: nsZipArchive::BuildFileList has memory-safety bug (MFSA-2015-66)
  CVE-2015-2737: rx::d3d11::SetBufferData using uninitialized memory (MFSA-2015-66)
  CVE-2015-2738: YCbCrImageDataDeserializer::ToDataSourceSurface using uninitialized memory (MFSA-2015-66)
  CVE-2015-2739: Memory safety problem in ArrayBufferBuilder::append (MFSA-2015-66)
  CVE-2015-2740: Overflow in nsXMLHttpRequest::AppendToResponseText causes memory-safety bug (MFSA-2015-66)
  CVE-2015-2741: Key pinning is ignored when overridable errors are encountered (MFSA-2015-67)
  CVE-2015-2743: Privilege escalation in PDF.js (MFSA-2015-69)
  CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (MFSA-2015-70)
  CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (MFSA-2015-71)
Not affecting SUSE/openSUSE:
  CVE-2015-2742: OS X crash reports may contain entered key press information (MFSA-2015-68)
The update should contain the mozilla-nss fix bug 935033
This is an autogenerated message for OBS integration: This bug (935979) was mentioned in
  https://build.opensuse.org/request/show/314952 Factory / MozillaFirefox
  https://build.opensuse.org/request/show/314953 13.2 / MozillaFirefox
  https://build.opensuse.org/request/show/314954 13.1 / MozillaFirefox
  https://build.opensuse.org/request/show/314955 Factory / xulrunner
Correction (for Wolfgang) https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
Mozilla Thunderbird 38.1:
  CVE-2015-2724: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2725: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2726: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2731: Use-after-free in Content Policy due to microtask execution error (MFSA-2015-63)
  CVE-2015-2734: CairoTextureClientD3D9::BorrowDrawTarget using uninitialized memory (MFSA-2015-66)
  CVE-2015-2735: Memory safety bug due to bad test in nsZipArchive.cpp (MFSA-2015-66)
  CVE-2015-2736: nsZipArchive::BuildFileList has memory-safety bug (MFSA-2015-66)
  CVE-2015-2737: rx::d3d11::SetBufferData using uninitialized memory (MFSA-2015-66)
  CVE-2015-2738: YCbCrImageDataDeserializer::ToDataSourceSurface using uninitialized memory (MFSA-2015-66)
  CVE-2015-2739: Memory safety problem in ArrayBufferBuilder::append (MFSA-2015-66)
  CVE-2015-2740: Overflow in nsXMLHttpRequest::AppendToResponseText causes memory-safety bug (MFSA-2015-66)
  CVE-2015-2741: Key pinning is ignored when overridable errors are encountered (MFSA-2015-67)
  CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (MFSA-2015-70)
  CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (MFSA-2015-71)
It appears submissions have been made for all platforms so moving this bug to the security team to finish up ...
https://www.mozilla.org/en-US/security/known-vulnerabilities/thunderbird/
My understanding of the MFSAs above is that a MozillaThunderbird release 38.1 is outstanding upstream, and that it fixes these vulnerabilities:
  CVE-2015-2724: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2725: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2726: Miscellaneous memory safety hazards (MFSA-2015-59)
  CVE-2015-2731: Use-after-free in Content Policy due to microtask execution error (MFSA-2015-63)
  CVE-2015-2734: CairoTextureClientD3D9::BorrowDrawTarget using uninitialized memory (MFSA-2015-66)
  CVE-2015-2741: Key pinning is ignored when overridable errors are encountered (MFSA-2015-67)
  CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (MFSA-2015-70)
  CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (MFSA-2015-71)
Indeed 38.1 is not released yet upstream. The question is how long to wait for it before releasing Firefox? I _think_ TB will be released by mid of next week.
(In reply to Wolfgang Rosenauer from comment #15)
> Indeed 38.1 is not released yet upstream. The question is how long to wait
> for it before releasing Firefox? I _think_ TB will be released by mid of
> next week.
I recommend we treat them separately and issue an update for Thunderbird when it's ready.
openSUSE-SU-2015:1229-1: An update that fixes 21 vulnerabilities is now available.
  Category: security (important)
  Bug References: 932142,933439,935979
  CVE References: CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2725,CVE-2015-2726,CVE-2015-2727,CVE-2015-2728,CVE-2015-2729,CVE-2015-2730,CVE-2015-2731,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2741,CVE-2015-2743,CVE-2015-4000
  Sources used:
    openSUSE 13.2 (src): MozillaFirefox-39.0-34.2, mozilla-nss-3.19.2-16.1
    openSUSE 13.1 (src): MozillaFirefox-39.0-78.1, mozilla-nss-3.19.2-59.1
(In reply to Andreas Stieger from comment #16)
> (In reply to Wolfgang Rosenauer from comment #15)
> > Indeed 38.1 is not released yet upstream. The question is how long to wait
> > for it before releasing Firefox? I _think_ TB will be released by mid of
> > next week.
>
> I recommend we treat them separately and issue an update for Thunderbird
> when it's ready.
MozillaThunderbird 38.1.0 is in mozilla:Factory/MozillaThunderbird now. Wolfgang are you happy to submit it? I'll give it a good spin today.
I have submitted it now. Please note that I found myself a regression related to master account usage and password prompts. It's a new major version :-( Issue is reported upstream and there is not much choice when we want to use it as sec update.
This is an autogenerated message for OBS integration: This bug (935979) was mentioned in
  https://build.opensuse.org/request/show/316435 Factory / MozillaThunderbird
  https://build.opensuse.org/request/show/316437 13.2 / MozillaThunderbird
  https://build.opensuse.org/request/show/316438 13.1 / MozillaThunderbird
This is an autogenerated message for OBS integration: This bug (935979) was mentioned in https://build.opensuse.org/request/show/317220 Evergreen:11.4 / MozillaFirefox.openSUSE_Evergreen_11.4
openSUSE-SU-2015:1266-1: An update that fixes 52 vulnerabilities is now available.
  Category: security (important)
  Bug References: 894370,900639,900941,908009,910669,917597,925368,930622,935979
  CVE References: CVE-2011-3079,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594,CVE-2014-8634,CVE-2014-8635,CVE-2014-8638,CVE-2014-8639,CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0815,CVE-2015-0816,CVE-2015-0822,CVE-2015-0827,CVE-2015-0831,CVE-2015-0833,CVE-2015-0836,CVE-2015-2708,CVE-2015-2710,CVE-2015-2713,CVE-2015-2716,CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000
  Sources used:
    openSUSE Evergreen 11.4 (src): MozillaFirefox-31.8.0-143.1, MozillaThunderbird-31.8.0-110.1, mozilla-nspr-4.10.8-52.1, mozilla-nss-3.19.2-107.1
SUSE-SU-2015:1268-1: An update that fixes 17 vulnerabilities is now available.
  Category: security (important)
  Bug References: 908275,935033,935979
  CVE References: CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2725,CVE-2015-2726,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000
  Sources used:
    SUSE Linux Enterprise Server 11-SP4 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
SUSE-SU-2015:1269-1: An update that fixes 17 vulnerabilities is now available.
  Category: security (important)
  Bug References: 856315,935033,935979
  CVE References: CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2725,CVE-2015-2726,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000
  Sources used:
    SUSE Linux Enterprise Software Development Kit 12 (src): MozillaFirefox-31.8.0esr-37.3, mozilla-nspr-4.10.8-3.1, mozilla-nss-3.19.2_CKBI_1.98-21.1
    SUSE Linux Enterprise Server 12 (src): MozillaFirefox-31.8.0esr-37.3, mozilla-nspr-4.10.8-3.1, mozilla-nss-3.19.2_CKBI_1.98-21.1
    SUSE Linux Enterprise Desktop 12 (src): MozillaFirefox-31.8.0esr-37.3, mozilla-nspr-4.10.8-3.1, mozilla-nss-3.19.2_CKBI_1.98-21.1
SUSE-SU-2015:1268-2: An update that fixes 17 vulnerabilities is now available.
  Category: security (important)
  Bug References: 908275,935033,935979
  CVE References: CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2725,CVE-2015-2726,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000
  Sources used:
    SUSE Linux Enterprise Software Development Kit 11-SP4 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
    SUSE Linux Enterprise Software Development Kit 11-SP3 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
    SUSE Linux Enterprise Server for VMWare 11-SP3 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
    SUSE Linux Enterprise Server 11-SP4 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
    SUSE Linux Enterprise Server 11-SP3 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
    SUSE Linux Enterprise Desktop 11-SP4 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
    SUSE Linux Enterprise Desktop 11-SP3 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
    SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
    SUSE Linux Enterprise Debuginfo 11-SP3 (src): MozillaFirefox-31.8.0esr-0.10.1, mozilla-nspr-4.10.8-0.5.1, mozilla-nss-3.19.2_CKBI_1.98-0.10.1
released
This is an autogenerated message for OBS integration: This bug (935979) was mentioned in https://build.opensuse.org/request/show/318682 42 / MozillaFirefox
This is an autogenerated message for OBS integration: This bug (935979) was mentioned in https://build.opensuse.org/request/show/323872 42 / MozillaThunderbird
SUSE-SU-2015:1444-1: An update that contains security fixes can now be installed.
  Category: security (moderate)
  Bug References: 935979
  CVE References:
  Sources used:
    SUSE Linux Enterprise Software Development Kit 11-SP4 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Software Development Kit 11-SP3 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Server for VMWare 11-SP3 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Server 11-SP4 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Server 11-SP3 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Server 11-SP2-LTSS (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Server 11-SP1-LTSS (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Desktop 11-SP4 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Desktop 11-SP3 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Debuginfo 11-SP4 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Debuginfo 11-SP3 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Debuginfo 11-SP2 (src): mozilla-nspr-4.10.8-0.8.1
    SUSE Linux Enterprise Debuginfo 11-SP1 (src): mozilla-nspr-4.10.8-0.8.1
SUSE-SU-2015:1449-1: An update that fixes 31 vulnerabilities is now available.
  Category: security (important)
  Bug References: 935033,935979,940806,940918
  CVE References: CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2725,CVE-2015-2726,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000,CVE-2015-4473,CVE-2015-4474,CVE-2015-4475,CVE-2015-4478,CVE-2015-4479,CVE-2015-4484,CVE-2015-4485,CVE-2015-4486,CVE-2015-4487,CVE-2015-4488,CVE-2015-4489,CVE-2015-4491,CVE-2015-4492,CVE-2015-4495
  Sources used:
    SUSE Linux Enterprise Server 11-SP2-LTSS (src): MozillaFirefox-38.2.0esr-10.1, MozillaFirefox-branding-SLED-31.0-0.5.7.11, firefox-gcc47-4.7.2_20130108-0.37.2, mozilla-nss-3.19.2.0-0.7.1
    SUSE Linux Enterprise Server 11-SP1-LTSS (src): MozillaFirefox-38.2.0esr-10.1, MozillaFirefox-branding-SLED-31.0-0.5.7.11, firefox-gcc47-4.7.2_20130108-0.37.2, mozilla-nss-3.19.2.0-0.7.1
    SUSE Linux Enterprise Debuginfo 11-SP2 (src): MozillaFirefox-38.2.0esr-10.1, mozilla-nss-3.19.2.0-0.7.1
    SUSE Linux Enterprise Debuginfo 11-SP1 (src): MozillaFirefox-38.2.0esr-10.1, mozilla-nss-3.19.2.0-0.7.1
openSUSE-SU-2015:1681-1: An update that fixes 25 vulnerabilities is now available.
  Category: security (important)
  Bug References: 935979,947003
  CVE References: CVE-2015-4500,CVE-2015-4501,CVE-2015-4502,CVE-2015-4503,CVE-2015-4504,CVE-2015-4505,CVE-2015-4506,CVE-2015-4507,CVE-2015-4509,CVE-2015-4510,CVE-2015-4511,CVE-2015-4512,CVE-2015-4516,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7178,CVE-2015-7179,CVE-2015-7180
  Sources used:
    openSUSE 13.2 (src): seamonkey-2.38-20.2
    openSUSE 13.1 (src): seamonkey-2.38-56.1