Bug 952810 – VUL-0: MozillaFirefox 42 security release

Bug 952810 - VUL-0: MozillaFirefox 42 security release


Summary:	VUL-0: MozillaFirefox 42 security release

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	All All

Priority:	P1 - Urgent Severity: Critical
Target Milestone:	---
Assigned To:	Petr Cerny
QA Contact:	Security Team bot

URL:
Whiteboard:	maint:running:62284:important maint:r...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-10-30 11:15 UTC by Petr Cerny
Modified:	2020-04-05 18:19 UTC (History)
CC List:	7 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Petr Cerny 2015-10-30 11:15:08 UTC

Planned release date is 2015-11-03

Firefox/Thunderbird/XULRunner 42
Firefox/Thunderbird/XULRunner 38.4.0 ESR
Seamonkey 2.39

Comment 1 Swamp Workflow Management 2015-10-30 23:00:26 UTC

bugbot adjusting priority

Comment 2 Wolfgang Rosenauer 2015-10-31 20:13:47 UTC

There are new NSPR and NSS releases fixing security issues as well and which will be required on all supported dists.
NSPR 4.10.10 and different versions of NSS 3.19.2.1, 3.19.4 and 3.20.1

Comment 3 Bernhard Wiedemann 2015-11-03 18:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (952810) was mentioned in
https://build.opensuse.org/request/show/342303 13.1 / MozillaFirefox

Comment 4 Bernhard Wiedemann 2015-11-03 19:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (952810) was mentioned in
https://build.opensuse.org/request/show/342304 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/342305 Leap:42.1 / MozillaFirefox
https://build.opensuse.org/request/show/342306 Factory / MozillaFirefox
https://build.opensuse.org/request/show/342307 Leap:42.1 / xulrunner
https://build.opensuse.org/request/show/342308 Factory / xulrunner

Comment 5 Bernhard Wiedemann 2015-11-03 20:00:10 UTC

This is an autogenerated message for OBS integration:
This bug (952810) was mentioned in
https://build.opensuse.org/request/show/342316 13.1 / mozilla-nspr
https://build.opensuse.org/request/show/342317 13.2 / mozilla-nspr
https://build.opensuse.org/request/show/342318 Leap:42.1 / mozilla-nspr
https://build.opensuse.org/request/show/342319 Factory / mozilla-nspr
https://build.opensuse.org/request/show/342320 13.1 / mozilla-nss
https://build.opensuse.org/request/show/342321 13.2 / mozilla-nss
https://build.opensuse.org/request/show/342322 Leap:42.1 / mozilla-nss
https://build.opensuse.org/request/show/342323 Factory / mozilla-nss

Comment 6 Sebastian Krahmer 2015-11-04 08:42:54 UTC

MFSA2015-133: CVE-2015-7181,CVE-2015-7182,CVE-2015-7183

Comment 7 Sebastian Krahmer 2015-11-04 08:47:24 UTC

MFSA2015-132: CVE-2015-7197

Comment 8 Sebastian Krahmer 2015-11-04 08:49:36 UTC

MFSA2015-131: CVE-2015-7198, CVE-2015-7199,CVE-2015-7200

Comment 9 Sebastian Krahmer 2015-11-04 08:51:43 UTC

MFSA2015-130: CVE-2015-7196

Comment 10 Sebastian Krahmer 2015-11-04 08:53:22 UTC

MFSA2015-129: CVE-2015-7195

Comment 11 Sebastian Krahmer 2015-11-04 09:01:33 UTC

MFSA2015-128: CVE-2015-7194
MFSA2015-127: CVE-2015-7193
MFSA2015-126: CVE-2015-7192
MFSA2015-125: CVE-2015-7191
MFSA2015-123: CVE-2015-7189
MFSA2015-122: CVE-2015-7188
MFSA2015-121: CVE-2015-7187
MFSA2015-118: CVE-2015-4518
MFSA2015-117: CVE-2015-4515
MFSA2015-116: CVE-2015-4514, CVE-2015-4513

Comment 12 Sebastian Krahmer 2015-11-04 09:09:42 UTC

That should be all CVE's. If there are some missing from the Nov 3 release,
its because its only affecting Android.

Comment 13 Bernhard Wiedemann 2015-11-06 13:00:10 UTC

This is an autogenerated message for OBS integration:
This bug (952810) was mentioned in
https://build.opensuse.org/request/show/342681 13.1 / seamonkey
https://build.opensuse.org/request/show/342682 13.2 / seamonkey
https://build.opensuse.org/request/show/342683 Leap:42.1 / seamonkey
https://build.opensuse.org/request/show/342684 Factory / seamonkey

Comment 14 Swamp Workflow Management 2015-11-06 16:11:48 UTC

SUSE-SU-2015:1926-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 908275,952810
CVE References: CVE-2015-4513,CVE-2015-7181,CVE-2015-7182,CVE-2015-7183,CVE-2015-7188,CVE-2015-7189,CVE-2015-7193,CVE-2015-7194,CVE-2015-7196,CVE-2015-7197,CVE-2015-7198,CVE-2015-7199,CVE-2015-7200
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-38.4.0esr-51.1, mozilla-nspr-4.10.10-9.1, mozilla-nss-3.19.2.1-29.1
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-38.4.0esr-51.1, MozillaFirefox-branding-SLE-31.0-17.1, mozilla-nspr-4.10.10-9.1, mozilla-nss-3.19.2.1-29.1
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-38.4.0esr-51.1, MozillaFirefox-branding-SLE-31.0-17.1, mozilla-nspr-4.10.10-9.1, mozilla-nss-3.19.2.1-29.1

Comment 15 Swamp Workflow Management 2015-11-09 22:10:19 UTC

openSUSE-SU-2015:1942-1: An update that fixes 23 vulnerabilities is now available.

Category: security (important)
Bug References: 952810
CVE References: CVE-2015-4513,CVE-2015-4514,CVE-2015-4515,CVE-2015-4518,CVE-2015-7181,CVE-2015-7182,CVE-2015-7183,CVE-2015-7185,CVE-2015-7186,CVE-2015-7187,CVE-2015-7188,CVE-2015-7189,CVE-2015-7190,CVE-2015-7191,CVE-2015-7192,CVE-2015-7193,CVE-2015-7194,CVE-2015-7195,CVE-2015-7196,CVE-2015-7197,CVE-2015-7198,CVE-2015-7199,CVE-2015-7200
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-42.0-3.5, mozilla-nspr-4.10.10-4.1, mozilla-nss-3.20.1-3.3, seamonkey-2.39-3.1, xulrunner-38.4.0-3.2
openSUSE 13.2 (src):    MozillaFirefox-42.0-50.4, mozilla-nspr-4.10.10-9.1, mozilla-nss-3.20.1-19.2, seamonkey-2.39-23.1
openSUSE 13.1 (src):    MozillaFirefox-42.0-94.4, mozilla-nspr-4.10.10-25.1, mozilla-nss-3.20.1-62.2, seamonkey-2.39-59.1

Comment 16 Swamp Workflow Management 2015-11-12 16:12:15 UTC

SUSE-SU-2015:1978-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 908275,952810
CVE References: CVE-2015-4513,CVE-2015-7181,CVE-2015-7182,CVE-2015-7183,CVE-2015-7188,CVE-2015-7189,CVE-2015-7193,CVE-2015-7194,CVE-2015-7196,CVE-2015-7197,CVE-2015-7198,CVE-2015-7199,CVE-2015-7200
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    MozillaFirefox-38.4.0esr-25.3, MozillaFirefox-branding-SLED-38-12.19, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-12.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    MozillaFirefox-38.4.0esr-25.3, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-12.1

Comment 17 Swamp Workflow Management 2015-11-12 19:11:13 UTC

SUSE-SU-2015:1981-1: An update that fixes 13 vulnerabilities is now available.

Category: security (important)
Bug References: 908275,952810
CVE References: CVE-2015-4513,CVE-2015-7181,CVE-2015-7182,CVE-2015-7183,CVE-2015-7188,CVE-2015-7189,CVE-2015-7193,CVE-2015-7194,CVE-2015-7196,CVE-2015-7197,CVE-2015-7198,CVE-2015-7199,CVE-2015-7200
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-38.4.0esr-25.6, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    MozillaFirefox-38.4.0esr-25.6, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    MozillaFirefox-38.4.0esr-25.6, MozillaFirefox-branding-SLES-for-VMware-38-10.27, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-38.4.0esr-25.6, MozillaFirefox-branding-SLED-38-15.31, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3
SUSE Linux Enterprise Server 11-SP3 (src):    MozillaFirefox-38.4.0esr-25.6, MozillaFirefox-branding-SLED-38-15.31, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3
SUSE Linux Enterprise Desktop 11-SP4 (src):    MozillaFirefox-38.4.0esr-25.6, MozillaFirefox-branding-SLED-38-15.31, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3
SUSE Linux Enterprise Desktop 11-SP3 (src):    MozillaFirefox-38.4.0esr-25.6, MozillaFirefox-branding-SLED-38-15.31, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-38.4.0esr-25.6, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    MozillaFirefox-38.4.0esr-25.6, mozilla-nspr-4.10.10-16.1, mozilla-nss-3.19.2.1-19.3

Comment 18 Swamp Workflow Management 2015-11-23 21:11:35 UTC

SUSE-SU-2015:2081-1: An update that fixes 43 vulnerabilities is now available.

Category: security (important)
Bug References: 908275,940806,943557,943558,943608,947003,952810
CVE References: CVE-2015-4473,CVE-2015-4474,CVE-2015-4475,CVE-2015-4478,CVE-2015-4479,CVE-2015-4484,CVE-2015-4485,CVE-2015-4486,CVE-2015-4487,CVE-2015-4488,CVE-2015-4489,CVE-2015-4491,CVE-2015-4492,CVE-2015-4497,CVE-2015-4498,CVE-2015-4500,CVE-2015-4501,CVE-2015-4506,CVE-2015-4509,CVE-2015-4511,CVE-2015-4513,CVE-2015-4517,CVE-2015-4519,CVE-2015-4520,CVE-2015-4521,CVE-2015-4522,CVE-2015-7174,CVE-2015-7175,CVE-2015-7176,CVE-2015-7177,CVE-2015-7180,CVE-2015-7181,CVE-2015-7182,CVE-2015-7183,CVE-2015-7188,CVE-2015-7189,CVE-2015-7193,CVE-2015-7194,CVE-2015-7196,CVE-2015-7197,CVE-2015-7198,CVE-2015-7199,CVE-2015-7200
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    MozillaFirefox-38.4.0esr-0.7.1, MozillaFirefox-branding-SLED-38-0.5.3, mozilla-nspr-4.10.10-0.5.1, mozilla-nss-3.19.2.1-0.5.1

Comment 19 Sebastian Krahmer 2015-11-24 08:48:17 UTC

released

Comment 20 Wolfgang Rosenauer 2015-11-24 09:18:03 UTC

Thunderbird 38.4.0 is still missing but is meant to be released upstream today. Update package will be provided asap.

Comment 21 Bernhard Wiedemann 2015-11-26 11:00:16 UTC

This is an autogenerated message for OBS integration:
This bug (952810) was mentioned in
https://build.opensuse.org/request/show/346366 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/346367 13.1 / MozillaThunderbird
https://build.opensuse.org/request/show/346368 13.2 / MozillaThunderbird
https://build.opensuse.org/request/show/346369 42.1 / MozillaThunderbird

Comment 22 Swamp Workflow Management 2015-12-08 16:10:54 UTC

openSUSE-SU-2015:2229-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 952325,952810
CVE References: CVE-2015-4513,CVE-2015-4514,CVE-2015-7181,CVE-2015-7182,CVE-2015-7183,CVE-2015-7188,CVE-2015-7189,CVE-2015-7193,CVE-2015-7194,CVE-2015-7196,CVE-2015-7197,CVE-2015-7198,CVE-2015-7199,CVE-2015-7200
Sources used:
openSUSE Leap 42.1 (src):    MozillaThunderbird-38.4.0-4.2

Comment 23 Swamp Workflow Management 2015-12-10 11:14:03 UTC

openSUSE-SU-2015:2245-1: An update that fixes 14 vulnerabilities is now available.

Category: security (moderate)
Bug References: 952325,952810
CVE References: CVE-2015-4513,CVE-2015-4514,CVE-2015-7181,CVE-2015-7182,CVE-2015-7183,CVE-2015-7188,CVE-2015-7189,CVE-2015-7193,CVE-2015-7194,CVE-2015-7196,CVE-2015-7197,CVE-2015-7198,CVE-2015-7199,CVE-2015-7200
Sources used:
openSUSE 13.2 (src):    MozillaThunderbird-38.4.0-31.1
openSUSE 13.1 (src):    MozillaThunderbird-38.4.0-70.68.1

Comment 24 Bernhard Wiedemann 2015-12-23 13:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (952810) was mentioned in
https://build.opensuse.org/request/show/350520 Factory / mozilla-nss

Comment 25 Bernhard Wiedemann 2015-12-26 08:00:09 UTC

This is an autogenerated message for OBS integration:
This bug (952810) was mentioned in
https://build.opensuse.org/request/show/350831 42.1 / mozilla-nss
https://build.opensuse.org/request/show/350832 13.2 / mozilla-nss
https://build.opensuse.org/request/show/350833 13.1 / mozilla-nss

Comment 26 Marcus Meissner 2018-02-26 12:22:57 UTC

Android only: CVE-2015-7185 CVE-2015-7186 and CVE-2015-7190.