SUSE-SU-2015:1680-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2015/suse-su-20151680-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2015:1680-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2015:1680-1
Related
  • CVE-2015-4500
  • CVE-2015-4501
  • CVE-2015-4506
  • CVE-2015-4509
  • CVE-2015-4511
  • CVE-2015-4517
  • CVE-2015-4519
  • CVE-2015-4520
  • CVE-2015-4521
  • CVE-2015-4522
  • CVE-2015-7174
  • CVE-2015-7175
  • CVE-2015-7176
  • CVE-2015-7177
  • CVE-2015-7180
Published
2015-09-23T17:31:04Z
Modified
2015-09-23T17:31:04Z
Summary
Security update for MozillaFirefox, mozilla-nspr
Details

Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues.

  • MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
  • MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video
  • MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video
  • MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content
  • MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects
  • MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers
  • MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection

More details can be found on https://www.mozilla.org/en-US/security/advisories/

The Mozilla NSPR library was updated to version 4.10.9, fixing various bugs.

References

Affected packages

SUSE:Linux Enterprise Desktop 12 / MozillaFirefox

Package

Name
MozillaFirefox
Purl
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
38.3.0esr-48.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaFirefox": "38.3.0esr-48.1",
            "MozillaFirefox-translations": "38.3.0esr-48.1",
            "mozilla-nspr-32bit": "4.10.9-6.1",
            "mozilla-nspr": "4.10.9-6.1"
        }
    ]
}

SUSE:Linux Enterprise Desktop 12 / mozilla-nspr

Package

Name
mozilla-nspr
Purl
pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Desktop%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.10.9-6.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaFirefox": "38.3.0esr-48.1",
            "MozillaFirefox-translations": "38.3.0esr-48.1",
            "mozilla-nspr-32bit": "4.10.9-6.1",
            "mozilla-nspr": "4.10.9-6.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 / MozillaFirefox

Package

Name
MozillaFirefox
Purl
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
38.3.0esr-48.1

Ecosystem specific 

{
    "binaries": [
        {
            "mozilla-nspr-devel": "4.10.9-6.1",
            "MozillaFirefox-devel": "38.3.0esr-48.1"
        }
    ]
}

SUSE:Linux Enterprise Software Development Kit 12 / mozilla-nspr

Package

Name
mozilla-nspr
Purl
pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.10.9-6.1

Ecosystem specific 

{
    "binaries": [
        {
            "mozilla-nspr-devel": "4.10.9-6.1",
            "MozillaFirefox-devel": "38.3.0esr-48.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / MozillaFirefox

Package

Name
MozillaFirefox
Purl
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
38.3.0esr-48.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaFirefox": "38.3.0esr-48.1",
            "MozillaFirefox-translations": "38.3.0esr-48.1",
            "mozilla-nspr-32bit": "4.10.9-6.1",
            "mozilla-nspr": "4.10.9-6.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12 / mozilla-nspr

Package

Name
mozilla-nspr
Purl
pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.10.9-6.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaFirefox": "38.3.0esr-48.1",
            "MozillaFirefox-translations": "38.3.0esr-48.1",
            "mozilla-nspr-32bit": "4.10.9-6.1",
            "mozilla-nspr": "4.10.9-6.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / MozillaFirefox

Package

Name
MozillaFirefox
Purl
pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
38.3.0esr-48.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaFirefox": "38.3.0esr-48.1",
            "MozillaFirefox-translations": "38.3.0esr-48.1",
            "mozilla-nspr-32bit": "4.10.9-6.1",
            "mozilla-nspr": "4.10.9-6.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / mozilla-nspr

Package

Name
mozilla-nspr
Purl
pkg:rpm/suse/mozilla-nspr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.10.9-6.1

Ecosystem specific 

{
    "binaries": [
        {
            "MozillaFirefox": "38.3.0esr-48.1",
            "MozillaFirefox-translations": "38.3.0esr-48.1",
            "mozilla-nspr-32bit": "4.10.9-6.1",
            "mozilla-nspr": "4.10.9-6.1"
        }
    ]
}