Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » SUSE-2015:10373

Overview

Id SUSE-2015:10373
Name Novell SUSE 2015:10373 MozillaFirefox security update for SLES 11 SP3 i586
Vendor Name novell
Product Novell
Content Type Critical Critical
Language(s)
Operating System(s) Linux 
Released On 26 Feb 2015 12:00:00

SUSE-2015:10373

Novell SUSE 2015:10373 MozillaFirefox security update for SLES 11 SP3 i586

Vendor Name

novell

Product

Novell

Released On

26 Feb 2015 12:00:00

Url

http://www.novell.com/support

Description

LSAC(v2)
MozillaFirefox has been updated to version 31.5.0 ESR to fix five security issues. These security issues have been fixed: * CVE-2015-0836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.5 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597). * CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5 allowed remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic (bnc#917597). * CVE-2015-0835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597). * CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation (bnc#917597). * CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 31.5 allowed remote attackers to read arbitrary files via crafted JavaScript code (bnc#917597). These non-security issues have been fixed: * Reverted desktop file name back to MozillaFirefox.desktop (bnc#916196, bnc#917100) * Obsolete subpackages of firefox-gcc47 from SLE11-SP1/2, that caused problems when upgrading to SLE11-SP3 (bnc#917300) Security Issues: * CVE-2015-0822 * CVE-2015-0827 * CVE-2015-0831 * CVE-2015-0836

Related Resources

Related Vulnerabilities

CVE-2015-0822   CVE-2015-0827   CVE-2015-0831   CVE-2015-0835   CVE-2015-0836  

Related Patches

Superseded Patches


Last Updated: 27 May 2016 11:20:47