Lumension® Endpoint Intelligence Center


Overview

Id: LM15-0012
Name: Mozilla Firefox 36.0 for Mac OS X (See Notes)
Vendor Name: mozilla
Product: FireFox
Content Type: Critical
Language(s):
Operating System(s): OSX
Released On: 24 Feb 2015 11:42:00

Url

http://www.mozilla.org/firefox/36.0/releasenotes/

Description

Mozilla Firefox is a web browser provided by the Mozilla Corporation with a rapid release cycle.

Firefox 36.0 addresses the following security issues:

  • MFSA-2015-27 Caja Compiler JavaScript sandbox bypass
  • MFSA-2015-26 UI Tour whitelisted sites in background tab can spoof foreground tabs
  • MFSA-2015-25 Local files or privileged URLs in pages can be opened into new tabs
  • MFSA-2015-24 Reading of local files through manipulation of form autocomplete
  • MFSA-2015-23 Use-after-free in Developer Console date with OpenType Sanitiser
  • MFSA-2015-22 Crash using DrawTarget in Cairo graphics library
  • MFSA-2015-21 Buffer underflow during MP3 playback
  • MFSA-2015-20 Buffer overflow during CSS restyling
  • MFSA-2015-19 Out-of-bounds read and write while rendering SVG content
  • MFSA-2015-18 Double-free when using non-default memory allocators with a zero-length XHR
  • MFSA-2015-17 Buffer overflow in libstagefright during MP4 video playback
  • MFSA-2015-16 Use-after-free in IndexedDB
  • MFSA-2015-15 TLS TURN and STUN connections silently fail to simple TCP connections
  • MFSA-2015-14 Malicious WebGL content crash when writing strings
  • MFSA-2015-13 Appended period to hostnames can bypass HPKP and HSTS protections
  • MFSA-2015-11 Miscellaneous memory safety hazards (rv:36.0 / rv:31.5)

Notes:

  • By default, deployment will automatically update Firefox.app in the Applications folder.
  • Deployment while Firefox is running will not update the current browser session. The user may re-launch Firefox in order to complete the update.
  • Use the download only option to deploy the installer to the agent's temporary directory (by default, "/tmp/{Agent GUID}"). An administrator may then manually install the update.
  • The detection logic only detects Firefox installations in the current system volume. Multiple installations of Firefox may cause unexpected detection results.

Related Resources

    Related Vulnerabilities

    CVE-2015-0819   CVE-2015-0820   CVE-2015-0821   CVE-2015-0822   CVE-2015-0823   CVE-2015-0824   CVE-2015-0825   CVE-2015-0826   CVE-2015-0827   CVE-2015-0828   CVE-2015-0829   CVE-2015-0830   CVE-2015-0831   CVE-2015-0832   CVE-2015-0834   CVE-2015-0835   CVE-2015-0836  

    Related Patches

    None

    Superseded Patches


    Last Updated: 27 May 2016 11:20:46