[SUSE-SU-2015:0978-1] Security update for MozillaFirefox

Severity Moderate

Affected Packages 14

CVEs 6

Security update for MozillaFirefox

This update to Firefox 31.7.0 ESR fixes the following issues:

* 

  MFSA 2015-46 (CVE-2015-2708, CVE-2015-2709): Miscellaneous memory
  safety hazards (rv:38.0 / rv:31.7). Upstream references: bmo#1120655,
  bmo#1143299, bmo#1151139, bmo#1152177, bmo#1111251, bmo#1117977,
  bmo#1128064, bmo#1135066, bmo#1143194, bmo#1146101, bmo#1149526,
  bmo#1153688, bmo#1155474.

* 

  MFSA 2015-47 (CVE-2015-0797): Buffer overflow parsing H.264 video
  with Linux Gstreamer. Upstream references: bmo#1080995.

* 

  MFSA 2015-48 (CVE-2015-2710): Buffer overflow with SVG content and
  CSS. Upstream references: bmo#1149542.

* 

  MFSA 2015-51 (CVE-2015-2713): Use-after-free during text processing
  with vertical text enabled. Upstream references: bmo#1153478.

* 

  MFSA 2015-54 (CVE-2015-2716): Buffer overflow when parsing compressed
  XML. Upstream references: bmo#1140537.

Security Issues:

* CVE-2015-0797
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0797>
* CVE-2015-2708
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2708>
* CVE-2015-2709
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2709>
* CVE-2015-2710
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2710>
* CVE-2015-2713
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2713>
* CVE-2015-2716
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2716>

Package	Affected Version
pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sled-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox?arch=ppc64&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox?arch=ia64&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sled-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sled-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox-translations?arch=ppc64&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox-translations?arch=ia64&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=3	< 31.7.0esr-0.8.1
pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sled-11&sp=3	< 31.7.0esr-0.8.1

ID

SUSE-SU-2015:0978-1

Severity

moderate

URL

https://www.suse.com/support/update/announcement/2015/suse-su-20150978-1/

Published

2015-05-19T09:15:45
(9 years ago)

Modified

2015-05-19T09:15:45
(9 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0978-1.json
Suse	URL for SUSE-SU-2015:0978-1	https://www.suse.com/support/update/announcement/2015/suse-su-20150978-1/
Suse	E-Mail link for SUSE-SU-2015:0978-1	https://lists.suse.com/pipermail/sle-security-updates/2015-June/001417.html
Bugzilla	SUSE Bug 930622	https://bugzilla.suse.com/930622
CVE	SUSE CVE CVE-2015-0797 page	https://www.suse.com/security/cve/CVE-2015-0797/
CVE	SUSE CVE CVE-2015-2708 page	https://www.suse.com/security/cve/CVE-2015-2708/
CVE	SUSE CVE CVE-2015-2709 page	https://www.suse.com/security/cve/CVE-2015-2709/
CVE	SUSE CVE CVE-2015-2710 page	https://www.suse.com/security/cve/CVE-2015-2710/
CVE	SUSE CVE CVE-2015-2713 page	https://www.suse.com/security/cve/CVE-2015-2713/
CVE	SUSE CVE CVE-2015-2716 page	https://www.suse.com/security/cve/CVE-2015-2716/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=3	suse	MozillaFirefox	< 31.7.0esr-0.8.1	sles-11	x86_64
Affected	pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sled-11&sp=3	suse	MozillaFirefox	< 31.7.0esr-0.8.1	sled-11	x86_64
Affected	pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=3	suse	MozillaFirefox	< 31.7.0esr-0.8.1	sles-11	s390x
Affected	pkg:rpm/suse/MozillaFirefox?arch=ppc64&distro=sles-11&sp=3	suse	MozillaFirefox	< 31.7.0esr-0.8.1	sles-11	ppc64
Affected	pkg:rpm/suse/MozillaFirefox?arch=ia64&distro=sles-11&sp=3	suse	MozillaFirefox	< 31.7.0esr-0.8.1	sles-11	ia64
Affected	pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=3	suse	MozillaFirefox	< 31.7.0esr-0.8.1	sles-11	i586
Affected	pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sled-11&sp=3	suse	MozillaFirefox	< 31.7.0esr-0.8.1	sled-11	i586
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=3	suse	MozillaFirefox-translations	< 31.7.0esr-0.8.1	sles-11	x86_64
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sled-11&sp=3	suse	MozillaFirefox-translations	< 31.7.0esr-0.8.1	sled-11	x86_64
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=3	suse	MozillaFirefox-translations	< 31.7.0esr-0.8.1	sles-11	s390x
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=ppc64&distro=sles-11&sp=3	suse	MozillaFirefox-translations	< 31.7.0esr-0.8.1	sles-11	ppc64
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=ia64&distro=sles-11&sp=3	suse	MozillaFirefox-translations	< 31.7.0esr-0.8.1	sles-11	ia64
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=3	suse	MozillaFirefox-translations	< 31.7.0esr-0.8.1	sles-11	i586
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sled-11&sp=3	suse	MozillaFirefox-translations	< 31.7.0esr-0.8.1	sled-11	i586

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date