Security update for MozillaFirefox

Announcement ID: SUSE-SU-2015:1703-1
Rating: important
References:
Cross-References:
CVSS scores:
Affected Products:
  • SLES for SAP Applications 11-SP3
  • SLES for SAP Applications 11-SP4
  • SUSE Linux Enterprise Desktop 11 SP3
  • SUSE Linux Enterprise Desktop 11 SP4
  • SUSE Linux Enterprise Server 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 for VMware 11-SP3
  • SUSE Linux Enterprise Server 11 SP4
  • SUSE Linux Enterprise Software Development Kit 11 SP3
  • SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves 15 vulnerabilities can now be installed.

Description:

Mozilla Firefox was updated to version 38.3.0 ESR (bsc#947003), fixing bugs and security issues.

  • MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3)
  • MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video
  • MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video
  • MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content
  • MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects
  • MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers
  • MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection

More details can be found on https://www.mozilla.org/en-US/security/advisories/

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 11 SP3
    zypper in -t patch sledsp3-firefox-20150923-12122=1
  • SUSE Linux Enterprise Desktop 11 SP4
    zypper in -t patch sledsp4-firefox-20150923-12122=1
  • SUSE Linux Enterprise Server 11 SP3 for VMware 11-SP3
    zypper in -t patch slessp3-firefox-20150923-12122=1
  • SUSE Linux Enterprise Server 11 SP3
    zypper in -t patch slessp3-firefox-20150923-12122=1
  • SLES for SAP Applications 11-SP3
    zypper in -t patch slessp3-firefox-20150923-12122=1
  • SUSE Linux Enterprise Software Development Kit 11 SP3
    zypper in -t patch sdksp3-firefox-20150923-12122=1
  • SUSE Linux Enterprise Software Development Kit 11 SP4
    zypper in -t patch sdksp4-firefox-20150923-12122=1
  • SUSE Linux Enterprise Server 11 SP4
    zypper in -t patch slessp4-firefox-20150923-12122=1
  • SLES for SAP Applications 11-SP4
    zypper in -t patch slessp4-firefox-20150923-12122=1

Package List:

  • SUSE Linux Enterprise Desktop 11 SP3 (x86_64 i586)
    • MozillaFirefox-38.3.0esr-22.1
    • MozillaFirefox-translations-38.3.0esr-22.1
  • SUSE Linux Enterprise Desktop 11 SP4 (x86_64 i586)
    • MozillaFirefox-38.3.0esr-22.1
    • MozillaFirefox-translations-38.3.0esr-22.1
  • SUSE Linux Enterprise Server 11 SP3 for VMware 11-SP3 (x86_64 i586)
    • MozillaFirefox-38.3.0esr-22.1
    • MozillaFirefox-translations-38.3.0esr-22.1
  • SUSE Linux Enterprise Server 11 SP3 (s390x x86_64 i586 ppc64 ia64)
    • MozillaFirefox-38.3.0esr-22.1
    • MozillaFirefox-translations-38.3.0esr-22.1
  • SLES for SAP Applications 11-SP3 (x86_64)
    • MozillaFirefox-38.3.0esr-22.1
    • MozillaFirefox-translations-38.3.0esr-22.1
  • SUSE Linux Enterprise Software Development Kit 11 SP3 (s390x x86_64 i586 ppc64 ia64)
    • MozillaFirefox-devel-38.3.0esr-22.1
  • SUSE Linux Enterprise Software Development Kit 11 SP4 (s390x x86_64 i586 ppc64 ia64)
    • MozillaFirefox-devel-38.3.0esr-22.1
  • SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
    • MozillaFirefox-38.3.0esr-22.1
    • MozillaFirefox-translations-38.3.0esr-22.1
  • SLES for SAP Applications 11-SP4 (ppc64 x86_64)
    • MozillaFirefox-38.3.0esr-22.1
    • MozillaFirefox-translations-38.3.0esr-22.1

References: