[SUSE-SU-2015:2336-1] Security update for MozillaFirefox

Severity Important

Affected Packages 6

CVEs 8

Security update for MozillaFirefox

MozillaFirefox was updated to version 38.5.0 ESR.

It fixes the following security issues:

MFSA 2015-134/CVE-2015-7201/CVE-2015-7202 Miscellaneous memory safety hazards (rv:43.0 / rv:38.5)
MFSA 2015-138/CVE-2015-7210 Use-after-free in WebRTC when datachannel is used after being destroyed
MFSA 2015-139/CVE-2015-7212 Integer overflow allocating extremely large textures
MFSA 2015-145/CVE-2015-7205 Underflow through code inspection
MFSA 2015-146/CVE-2015-7213 Integer overflow in MP4 playback in 64-bit versions
MFSA 2015-147/CVE-2015-7222 Integer underflow and buffer overflow processing MP4 metadata in libstagefright
MFSA 2015-149/CVE-2015-7214 Cross-site reading attack through data and view-source URIs

Package	Affected Version
pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=2	< 38.5.0esr-28.2
pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=2	< 38.5.0esr-28.2
pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=2	< 38.5.0esr-28.2
pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=2	< 38.5.0esr-28.2
pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=2	< 38.5.0esr-28.2
pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=2	< 38.5.0esr-28.2

ID

SUSE-SU-2015:2336-1

Severity

important

URL

Published

2015-12-21T16:19:48
(8 years ago)

Modified

2015-12-21T16:19:48
(8 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2336-1.json
Suse	URL for SUSE-SU-2015:2336-1	https://www.suse.com/support/update/announcement/2015/suse-su-20152336-1/
Suse	E-Mail link for SUSE-SU-2015:2336-1	https://lists.suse.com/pipermail/sle-security-updates/2015-December/001750.html
Bugzilla	SUSE Bug 959277	https://bugzilla.suse.com/959277
CVE	SUSE CVE CVE-2015-7201 page	https://www.suse.com/security/cve/CVE-2015-7201/
CVE	SUSE CVE CVE-2015-7202 page	https://www.suse.com/security/cve/CVE-2015-7202/
CVE	SUSE CVE CVE-2015-7205 page	https://www.suse.com/security/cve/CVE-2015-7205/
CVE	SUSE CVE CVE-2015-7210 page	https://www.suse.com/security/cve/CVE-2015-7210/
CVE	SUSE CVE CVE-2015-7212 page	https://www.suse.com/security/cve/CVE-2015-7212/
CVE	SUSE CVE CVE-2015-7213 page	https://www.suse.com/security/cve/CVE-2015-7213/
CVE	SUSE CVE CVE-2015-7214 page	https://www.suse.com/security/cve/CVE-2015-7214/
CVE	SUSE CVE CVE-2015-7222 page	https://www.suse.com/security/cve/CVE-2015-7222/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=2	suse	MozillaFirefox	< 38.5.0esr-28.2	sles-11	x86_64
Affected	pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=2	suse	MozillaFirefox	< 38.5.0esr-28.2	sles-11	s390x
Affected	pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=2	suse	MozillaFirefox	< 38.5.0esr-28.2	sles-11	i586
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=2	suse	MozillaFirefox-translations	< 38.5.0esr-28.2	sles-11	x86_64
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=2	suse	MozillaFirefox-translations	< 38.5.0esr-28.2	sles-11	s390x
Affected	pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=2	suse	MozillaFirefox-translations	< 38.5.0esr-28.2	sles-11	i586

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date