Bug 943550 - VUL-0: Mozilla Firefox 40.0.3/38.2.1
VUL-0: Mozilla Firefox 40.0.3/38.2.1
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-28 05:01 UTC by Wolfgang Rosenauer
Modified: 2020-04-05 18:19 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Bernhard Wiedemann 2015-08-28 06:00:11 UTC
This is an autogenerated message for OBS integration:
This bug (943550) was mentioned in
https://build.opensuse.org/request/show/327639 Factory / MozillaFirefox
https://build.opensuse.org/request/show/327640 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/327641 13.1 / MozillaFirefox
https://build.opensuse.org/request/show/327642 42 / MozillaFirefox
Comment 2 Andreas Stieger 2015-08-28 06:55:01 UTC
From submission:

  security fixes
  * MFSA 2015-94/CVE-2015-4497 (bmo#1164766, bmo#1175278)
    Use-after-free when resizing canvas element during restyling
  * MFSA 2015-95/CVE-2015-4498 (bmo#1042699)
    Add-on notification bypass through data URLs
Comment 3 Alexander Bergmann 2015-08-28 07:05:18 UTC
Bug 943557: CVE-2015-4497: MFSA 2015-94
Bug 943558: CVE-2015-4498: MFSA 2015-95
Comment 4 Swamp Workflow Management 2015-08-28 22:00:15 UTC
bugbot adjusting priority
Comment 5 Marcus Meissner 2015-08-31 07:03:36 UTC
see also bug 943608. too late to merge the bugs though
Comment 6 Swamp Workflow Management 2015-09-04 11:09:37 UTC
openSUSE-SU-2015:1492-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 943550
CVE References: CVE-2015-4497,CVE-2015-4498
Sources used:
openSUSE 13.2 (src):    MozillaFirefox-40.0.3-41.2
openSUSE 13.1 (src):    MozillaFirefox-40.0.3-85.2
Comment 7 Marcus Meissner 2015-09-04 15:17:43 UTC
released for opensuse