[SUSE-SU-2015:0704-1] Security update for MozillaFirefox

Severity Important

Affected Packages 6

CVEs 6

Security update for MozillaFirefox

Mozilla Firefox was updated to 31.6.0 ESR to fix five security issues.

The following vulnerabilities were fixed:

Miscellaneous memory safety hazards (MFSA 2015-30/CVE-2015-0814/CVE-2015-0815)
Use-after-free when using the Fluendo MP3 GStreamer plugin (MFSA 2015-31/CVE-2015-0813)
resource:// documents can load privileged pages (MFSA 2015-33/CVE-2015-0816)
CORS requests should not follow 30x redirections after preflight (MFSA 2015-37/CVE-2015-0807)
Same-origin bypass through anchor navigation (MFSA 2015-40/CVE-2015-0801)

Package	Affected Version
pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-12	< 31.6.0esr-30.1
pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-12	< 31.6.0esr-30.1
pkg:rpm/suse/MozillaFirefox?arch=ppc64le&distro=sles-12	< 31.6.0esr-30.1
pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-12	< 31.6.0esr-30.1
pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-12	< 31.6.0esr-30.1
pkg:rpm/suse/MozillaFirefox-translations?arch=ppc64le&distro=sles-12	< 31.6.0esr-30.1

ID

SUSE-SU-2015:0704-1

Severity

important

URL

Published

2015-04-02T14:42:06
(9 years ago)

Modified

2015-04-02T14:42:06
(9 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0704-1.json
Suse	URL for SUSE-SU-2015:0704-1	https://www.suse.com/support/update/announcement/2015/suse-su-20150704-1/
Suse	E-Mail link for SUSE-SU-2015:0704-1	https://lists.suse.com/pipermail/sle-security-updates/2015-April/001344.html
Bugzilla	SUSE Bug 925368	https://bugzilla.suse.com/925368
CVE	SUSE CVE CVE-2015-0801 page	https://www.suse.com/security/cve/CVE-2015-0801/
CVE	SUSE CVE CVE-2015-0807 page	https://www.suse.com/security/cve/CVE-2015-0807/
CVE	SUSE CVE CVE-2015-0813 page	https://www.suse.com/security/cve/CVE-2015-0813/
CVE	SUSE CVE CVE-2015-0814 page	https://www.suse.com/security/cve/CVE-2015-0814/
CVE	SUSE CVE CVE-2015-0815 page	https://www.suse.com/security/cve/CVE-2015-0815/
CVE	SUSE CVE CVE-2015-0816 page	https://www.suse.com/security/cve/CVE-2015-0816/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-12	suse	MozillaFirefox	< 31.6.0esr-30.1	sles-12	x86_64
Affected	pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-12	suse	MozillaFirefox	< 31.6.0esr-30.1	sles-12	s390x
Affected	pkg:rpm/suse/MozillaFirefox?arch=ppc64le&distro=sles-12	suse	MozillaFirefox	< 31.6.0esr-30.1	sles-12	ppc64le
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-12	suse	MozillaFirefox-translations	< 31.6.0esr-30.1	sles-12	x86_64
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-12	suse	MozillaFirefox-translations	< 31.6.0esr-30.1	sles-12	s390x
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=ppc64le&distro=sles-12	suse	MozillaFirefox-translations	< 31.6.0esr-30.1	sles-12	ppc64le

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date