Security update for MozillaFirefox, mozilla-nspr, mozilla-nss

Announcement ID:	SUSE-SU-2015:1926-1
Rating:	important
References:	bsc#908275 bsc#952810
Cross-References:	CVE-2015-4513 CVE-2015-7181 CVE-2015-7182 CVE-2015-7183 CVE-2015-7188 CVE-2015-7189 CVE-2015-7193 CVE-2015-7194 CVE-2015-7196 CVE-2015-7197 CVE-2015-7198 CVE-2015-7199 CVE-2015-7200
CVSS scores:
Affected Products:	SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Software Development Kit 12

An update that solves 13 vulnerabilities can now be installed.

Description:

This Mozilla Firefox, NSS and NSPR update fixes the following security and non security issues.

• mozilla-nspr was updated to version 4.10.10 (bsc#952810)

• MFSA 2015-133/CVE-2015-7183 (bmo#1205157) NSPR memory corruption issues

• mozilla-nss was updated to 3.19.2.1 (bsc#952810)

• MFSA 2015-133/CVE-2015-7181/CVE-2015-7182 (bmo#1192028, bmo#1202868) NSS and NSPR memory corruption issues

• MozillaFirefox was updated to 38.4.0 ESR (bsc#952810)

• MFSA 2015-116/CVE-2015-4513 (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580, bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564, bmo#1208665, bmo#1209471, bmo#1213979) Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
• MFSA 2015-122/CVE-2015-7188 (bmo#1199430) Trailing whitespace in IP address hostnames can bypass same-origin policy
• MFSA 2015-123/CVE-2015-7189 (bmo#1205900) Buffer overflow during image interactions in canvas
• MFSA 2015-127/CVE-2015-7193 (bmo#1210302) CORS preflight is bypassed when non-standard Content-Type headers are received
• MFSA 2015-128/CVE-2015-7194 (bmo#1211262) Memory corruption in libjar through zip files
• MFSA 2015-130/CVE-2015-7196 (bmo#1140616) JavaScript garbage collection crash with Java applet
• MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 (bmo#1204061, bmo#1188010, bmo#1204155) Vulnerabilities found through code inspection
• MFSA 2015-132/CVE-2015-7197 (bmo#1204269) Mixed content WebSocket policy bypass through workers
• MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 (bmo#1202868, bmo#1192028, bmo#1205157) NSS and NSPR memory corruption issues
• fix printing on landscape media (bsc#908275)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12
  zypper in -t patch SUSE-SLE-DESKTOP-12-2015-807=1
• SUSE Linux Enterprise Software Development Kit 12
  zypper in -t patch SUSE-SLE-SDK-12-2015-807=1
• SUSE Linux Enterprise Server 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-807=1
• SUSE Linux Enterprise Server for SAP Applications 12
  zypper in -t patch SUSE-SLE-SERVER-12-2015-807=1

Package List:

• SUSE Linux Enterprise Desktop 12 (x86_64)
  • mozilla-nspr-32bit-4.10.10-9.1
  • mozilla-nss-certs-3.19.2.1-29.1
  • mozilla-nss-32bit-3.19.2.1-29.1
  • mozilla-nspr-debugsource-4.10.10-9.1
  • MozillaFirefox-38.4.0esr-51.1
  • mozilla-nspr-4.10.10-9.1
  • mozilla-nss-tools-debuginfo-3.19.2.1-29.1
  • mozilla-nss-debuginfo-32bit-3.19.2.1-29.1
  • libfreebl3-3.19.2.1-29.1
  • MozillaFirefox-debugsource-38.4.0esr-51.1
  • MozillaFirefox-branding-SLE-31.0-17.1
  • MozillaFirefox-debuginfo-38.4.0esr-51.1
  • libsoftokn3-32bit-3.19.2.1-29.1
  • mozilla-nss-3.19.2.1-29.1
  • libsoftokn3-debuginfo-3.19.2.1-29.1
  • mozilla-nss-certs-32bit-3.19.2.1-29.1
  • mozilla-nss-certs-debuginfo-32bit-3.19.2.1-29.1
  • mozilla-nspr-debuginfo-4.10.10-9.1
  • libfreebl3-debuginfo-3.19.2.1-29.1
  • mozilla-nss-certs-debuginfo-3.19.2.1-29.1
  • libfreebl3-32bit-3.19.2.1-29.1
  • libfreebl3-debuginfo-32bit-3.19.2.1-29.1
  • mozilla-nss-debugsource-3.19.2.1-29.1
  • libsoftokn3-debuginfo-32bit-3.19.2.1-29.1
  • mozilla-nss-debuginfo-3.19.2.1-29.1
  • mozilla-nspr-debuginfo-32bit-4.10.10-9.1
  • mozilla-nss-tools-3.19.2.1-29.1
  • libsoftokn3-3.19.2.1-29.1
  • MozillaFirefox-translations-38.4.0esr-51.1
• SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
  • mozilla-nss-debugsource-3.19.2.1-29.1
  • mozilla-nspr-devel-4.10.10-9.1
  • MozillaFirefox-devel-38.4.0esr-51.1
  • mozilla-nss-debuginfo-3.19.2.1-29.1
  • MozillaFirefox-debuginfo-38.4.0esr-51.1
  • mozilla-nspr-debugsource-4.10.10-9.1
  • mozilla-nspr-debuginfo-4.10.10-9.1
  • mozilla-nss-devel-3.19.2.1-29.1
  • MozillaFirefox-debugsource-38.4.0esr-51.1
• SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
  • mozilla-nss-certs-3.19.2.1-29.1
  • mozilla-nspr-debugsource-4.10.10-9.1
  • MozillaFirefox-38.4.0esr-51.1
  • mozilla-nspr-4.10.10-9.1
  • mozilla-nss-tools-debuginfo-3.19.2.1-29.1
  • libfreebl3-3.19.2.1-29.1
  • MozillaFirefox-debugsource-38.4.0esr-51.1
  • MozillaFirefox-branding-SLE-31.0-17.1
  • MozillaFirefox-debuginfo-38.4.0esr-51.1
  • mozilla-nss-3.19.2.1-29.1
  • libsoftokn3-debuginfo-3.19.2.1-29.1
  • libsoftokn3-hmac-3.19.2.1-29.1
  • mozilla-nspr-debuginfo-4.10.10-9.1
  • libfreebl3-debuginfo-3.19.2.1-29.1
  • mozilla-nss-certs-debuginfo-3.19.2.1-29.1
  • mozilla-nss-debugsource-3.19.2.1-29.1
  • libfreebl3-hmac-3.19.2.1-29.1
  • mozilla-nss-debuginfo-3.19.2.1-29.1
  • mozilla-nss-tools-3.19.2.1-29.1
  • libsoftokn3-3.19.2.1-29.1
  • MozillaFirefox-translations-38.4.0esr-51.1
• SUSE Linux Enterprise Server 12 (s390x x86_64)
  • libsoftokn3-debuginfo-32bit-3.19.2.1-29.1
  • mozilla-nspr-32bit-4.10.10-9.1
  • mozilla-nspr-debuginfo-32bit-4.10.10-9.1
  • mozilla-nss-certs-debuginfo-32bit-3.19.2.1-29.1
  • mozilla-nss-32bit-3.19.2.1-29.1
  • libsoftokn3-hmac-32bit-3.19.2.1-29.1
  • libsoftokn3-32bit-3.19.2.1-29.1
  • libfreebl3-debuginfo-32bit-3.19.2.1-29.1
  • libfreebl3-32bit-3.19.2.1-29.1
  • libfreebl3-hmac-32bit-3.19.2.1-29.1
  • mozilla-nss-debuginfo-32bit-3.19.2.1-29.1
  • mozilla-nss-certs-32bit-3.19.2.1-29.1
• SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
  • mozilla-nspr-32bit-4.10.10-9.1
  • mozilla-nss-certs-3.19.2.1-29.1
  • mozilla-nss-32bit-3.19.2.1-29.1
  • mozilla-nspr-debugsource-4.10.10-9.1
  • MozillaFirefox-38.4.0esr-51.1
  • mozilla-nspr-4.10.10-9.1
  • mozilla-nss-tools-debuginfo-3.19.2.1-29.1
  • mozilla-nss-debuginfo-32bit-3.19.2.1-29.1
  • libfreebl3-3.19.2.1-29.1
  • MozillaFirefox-debugsource-38.4.0esr-51.1
  • MozillaFirefox-branding-SLE-31.0-17.1
  • MozillaFirefox-debuginfo-38.4.0esr-51.1
  • libsoftokn3-32bit-3.19.2.1-29.1
  • mozilla-nss-3.19.2.1-29.1
  • libsoftokn3-debuginfo-3.19.2.1-29.1
  • mozilla-nss-certs-32bit-3.19.2.1-29.1
  • mozilla-nss-certs-debuginfo-32bit-3.19.2.1-29.1
  • libsoftokn3-hmac-3.19.2.1-29.1
  • mozilla-nspr-debuginfo-4.10.10-9.1
  • libfreebl3-debuginfo-3.19.2.1-29.1
  • mozilla-nss-certs-debuginfo-3.19.2.1-29.1
  • libfreebl3-32bit-3.19.2.1-29.1
  • libfreebl3-debuginfo-32bit-3.19.2.1-29.1
  • libfreebl3-hmac-32bit-3.19.2.1-29.1
  • libsoftokn3-hmac-32bit-3.19.2.1-29.1
  • mozilla-nss-debugsource-3.19.2.1-29.1
  • libfreebl3-hmac-3.19.2.1-29.1
  • libsoftokn3-debuginfo-32bit-3.19.2.1-29.1
  • mozilla-nss-debuginfo-3.19.2.1-29.1
  • mozilla-nspr-debuginfo-32bit-4.10.10-9.1
  • mozilla-nss-tools-3.19.2.1-29.1
  • libsoftokn3-3.19.2.1-29.1
  • MozillaFirefox-translations-38.4.0esr-51.1

References:

• https://www.suse.com/security/cve/CVE-2015-4513.html
• https://www.suse.com/security/cve/CVE-2015-7181.html
• https://www.suse.com/security/cve/CVE-2015-7182.html
• https://www.suse.com/security/cve/CVE-2015-7183.html
• https://www.suse.com/security/cve/CVE-2015-7188.html
• https://www.suse.com/security/cve/CVE-2015-7189.html
• https://www.suse.com/security/cve/CVE-2015-7193.html
• https://www.suse.com/security/cve/CVE-2015-7194.html
• https://www.suse.com/security/cve/CVE-2015-7196.html
• https://www.suse.com/security/cve/CVE-2015-7197.html
• https://www.suse.com/security/cve/CVE-2015-7198.html
• https://www.suse.com/security/cve/CVE-2015-7199.html
• https://www.suse.com/security/cve/CVE-2015-7200.html
• https://bugzilla.suse.com/show_bug.cgi?id=908275
• https://bugzilla.suse.com/show_bug.cgi?id=952810