Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for MozillaFirefox

MozillaFirefox was updated to version 35.0 (bnc#910669)

Notable features:
* Firefox Hello with new rooms-based conversations model
* Implemented HTTP Public Key Pinning Extension (for enhanced
authentication of encrypted connections)

Security fixes:
* MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
Miscellaneous memory safety hazards
* MFSA 2015-02/CVE-2014-8637 (bmo#1094536)
Uninitialized memory use during bitmap rendering
* MFSA 2015-03/CVE-2014-8638 (bmo#1080987)
sendBeacon requests lack an Origin header
* MFSA 2015-04/CVE-2014-8639 (bmo#1095859)
Cookie injection through Proxy Authenticate responses
* MFSA 2015-05/CVE-2014-8640 (bmo#1100409)
Read of uninitialized memory in Web Audio
* MFSA 2015-06/CVE-2014-8641 (bmo#1108455)
Read-after-free in WebRTC
* MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only)
Gecko Media Plugin sandbox escape
* MFSA 2015-08/CVE-2014-8642 (bmo#1079658)
Delegated OCSP responder certificates failure with
id-pkix-ocsp-nocheck extension
* MFSA 2015-09/CVE-2014-8636 (bmo#987794)
XrayWrapper bypass through DOM objects

- obsolete tracker-miner-firefox < 0.15 because it leads to startup
crashes (bnc#908892)

Fixed bugs
bnc#910669
VUL-0: MozillaFirefox 35/31.4.0 security release
bnc#908892
Updated Firefox (33.0-1.90.1 -> 34.0.5-1.94.3) crashes in tracker-miner-firefox
CVE-CVE-2014-8637
CVE-CVE-2014-8636
CVE-CVE-2014-8635
CVE-CVE-2014-8634
CVE-CVE-2014-8639
CVE-CVE-2014-8638
CVE-CVE-2014-8642
CVE-CVE-2014-8643
CVE-CVE-2014-8640
CVE-CVE-2014-8641
Selected Binaries
openSUSE Build Service is sponsored by
Places