Bug 947003 – VUL-0: MozillaFirefox 41 / 38.3.0 ESR security release

Bug 947003 - VUL-0: MozillaFirefox 41 / 38.3.0 ESR security release


Summary:	VUL-0: MozillaFirefox 41 / 38.3.0 ESR security release

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	All All

Priority:	P3 - Medium Severity: Critical
Target Milestone:	---
Assigned To:	Petr Cerny
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:released:sle10-sp3:62338 maint:...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-09-22 13:50 UTC by Petr Cerny
Modified:	2020-04-05 18:19 UTC (History)
CC List:	10 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Petr Cerny 2015-09-22 13:50:46 UTC

Planned release date is 2015-09-22
Firefox/Thunderbird/XULRunner 41
Firefox/Thunderbird/XULRunner 38.3.0 ESR

Seamonkey 2.38 unknown (2.38b1 is out already)

Comment 1 Swamp Workflow Management 2015-09-22 22:00:14 UTC

bugbot adjusting priority

Comment 2 Bernhard Wiedemann 2015-09-23 06:00:15 UTC

This is an autogenerated message for OBS integration:
This bug (947003) was mentioned in
https://build.opensuse.org/request/show/333058 Factory / MozillaFirefox
https://build.opensuse.org/request/show/333059 Leap:42.1 / MozillaFirefox
https://build.opensuse.org/request/show/333060 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/333061 13.1 / MozillaFirefox

Comment 3 Andreas Stieger 2015-09-23 07:42:30 UTC

The information is public at
https://www.mozilla.org/en-US/security/advisories/

Comment 5 Bernhard Wiedemann 2015-09-24 08:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (947003) was mentioned in
https://build.opensuse.org/request/show/333411 Factory / xulrunner
https://build.opensuse.org/request/show/333415 Leap:42.1 / xulrunner

Comment 6 Bernhard Wiedemann 2015-10-01 08:00:50 UTC

This is an autogenerated message for OBS integration:
This bug (947003) was mentioned in
https://build.opensuse.org/request/show/335120 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/335121 13.2 / MozillaThunderbird
https://build.opensuse.org/request/show/335122 13.1 / MozillaThunderbird
https://build.opensuse.org/request/show/335123 Leap:42.1 / MozillaThunderbird

Comment 7 Swamp Workflow Management 2015-10-01 08:09:29 UTC

openSUSE-SU-2015:1658-1: An update that fixes 27 vulnerabilities is now available.

Category: security (important)
Bug References: 947003
CVE References: CVE-2015-4476,CVE-2015-4500,CVE-2015-4501,CVE-2015-4502,CVE-2015-4503,CVE-2015-4504,CVE-2015-4505,CVE-2015-4506,CVE-2015-4507,CVE-2015-4508,CVE-2015-4509,CVE-2015-4510,CVE-2015-4511,CVE-2015-4512,CVE-2015-4516,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7178,CVE-2015-7179,CVE-2015-7180
Sources used:
openSUSE 13.2 (src):    MozillaFirefox-41.0-44.1
openSUSE 13.1 (src):    MozillaFirefox-41.0-88.1

Comment 8 Marcus Meissner 2015-10-01 08:43:02 UTC

CVE-2015-4476,CVE-2015-4500,CVE-2015-4501,CVE-2015-4502,CVE-2015-4503,CVE-2015-4504,CVE-2015-4505,CVE-2015-4506,CVE-2015-4507,CVE-2015-4508,CVE-2015-4509,CVE-2015-4510,CVE-2015-4511,CVE-2015-4512,CVE-2015-4516,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7178,CVE-2015-7179,CVE-2015-7180

Comment 10 Bernhard Wiedemann 2015-10-02 07:00:11 UTC

This is an autogenerated message for OBS integration:
This bug (947003) was mentioned in
https://build.opensuse.org/request/show/335658 Factory / seamonkey
https://build.opensuse.org/request/show/335659 Leap:42.1 / seamonkey
https://build.opensuse.org/request/show/335661 13.2 / seamonkey
https://build.opensuse.org/request/show/335662 13.1 / seamonkey

Comment 12 Swamp Workflow Management 2015-10-05 16:09:38 UTC

openSUSE-SU-2015:1679-1: An update that fixes 17 vulnerabilities is now available.

Category: security (important)
Bug References: 947003
CVE References: CVE-2015-4500,CVE-2015-4505,CVE-2015-4506,CVE-2015-4509,CVE-2015-4511,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7178,CVE-2015-7179,CVE-2015-7180
Sources used:
openSUSE 13.2 (src):    MozillaThunderbird-38.3.0-28.1
openSUSE 13.1 (src):    MozillaThunderbird-38.3.0-70.65.1

Comment 13 Swamp Workflow Management 2015-10-05 16:10:05 UTC

SUSE-SU-2015:1680-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 947003
CVE References: CVE-2015-4500,CVE-2015-4501,CVE-2015-4506,CVE-2015-4509,CVE-2015-4511,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7180
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-38.3.0esr-48.1, mozilla-nspr-4.10.9-6.1
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-38.3.0esr-48.1, mozilla-nspr-4.10.9-6.1
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-38.3.0esr-48.1, mozilla-nspr-4.10.9-6.1

Comment 14 Swamp Workflow Management 2015-10-05 16:10:54 UTC

openSUSE-SU-2015:1681-1: An update that fixes 25 vulnerabilities is now available.

Category: security (important)
Bug References: 935979,947003
CVE References: CVE-2015-4500,CVE-2015-4501,CVE-2015-4502,CVE-2015-4503,CVE-2015-4504,CVE-2015-4505,CVE-2015-4506,CVE-2015-4507,CVE-2015-4509,CVE-2015-4510,CVE-2015-4511,CVE-2015-4512,CVE-2015-4516,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7178,CVE-2015-7179,CVE-2015-7180
Sources used:
openSUSE 13.2 (src):    seamonkey-2.38-20.2
openSUSE 13.1 (src):    seamonkey-2.38-56.1

Comment 15 Swamp Workflow Management 2015-10-09 07:10:19 UTC

SUSE-SU-2015:1703-1: An update that fixes 15 vulnerabilities is now available.

Category: security (important)
Bug References: 947003
CVE References: CVE-2015-4500,CVE-2015-4501,CVE-2015-4506,CVE-2015-4509,CVE-2015-4511,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7180
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-38.3.0esr-22.1
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    MozillaFirefox-38.3.0esr-22.1
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    MozillaFirefox-38.3.0esr-22.1
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-38.3.0esr-22.1
SUSE Linux Enterprise Server 11-SP3 (src):    MozillaFirefox-38.3.0esr-22.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    MozillaFirefox-38.3.0esr-22.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    MozillaFirefox-38.3.0esr-22.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-38.3.0esr-22.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    MozillaFirefox-38.3.0esr-22.1

Comment 21 Swamp Workflow Management 2015-11-23 21:11:24 UTC

SUSE-SU-2015:2081-1: An update that fixes 43 vulnerabilities is now available.

Category: security (important)
Bug References: 908275,940806,943557,943558,943608,947003,952810
CVE References: CVE-2015-4473,CVE-2015-4474,CVE-2015-4475,CVE-2015-4478,CVE-2015-4479,CVE-2015-4484,CVE-2015-4485,CVE-2015-4486,CVE-2015-4487,CVE-2015-4488,CVE-2015-4489,CVE-2015-4491,CVE-2015-4492,CVE-2015-4497,CVE-2015-4498,CVE-2015-4500,CVE-2015-4501,CVE-2015-4506,CVE-2015-4509,CVE-2015-4511,CVE-2015-4513,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7180,CVE-2015-7181,CVE-2015-7182,CVE-2015-7183,CVE-2015-7188,CVE-2015-7189,CVE-2015-7193,CVE-2015-7194,CVE-2015-7196,CVE-2015-7197,CVE-2015-7198,CVE-2015-7199,CVE-2015-7200
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    MozillaFirefox-38.4.0esr-0.7.1, MozillaFirefox-branding-SLED-38-0.5.3, mozilla-nspr-4.10.10-0.5.1, mozilla-nss-3.19.2.1-0.5.1

Comment 22 Marcus Meissner 2015-12-04 07:29:53 UTC

resolved I think