File _patchinfo of Package patchinfo.441

<patchinfo incident="441">
  <issue id="917597" tracker="bnc">VUL-0: MozillaFirefox 36 security release</issue>
  <issue id="CVE-2015-0836" tracker="cve" />
  <issue id="CVE-2015-0827" tracker="cve" />
  <issue id="CVE-2015-0835" tracker="cve" />
  <issue id="CVE-2015-0831" tracker="cve" />
  <issue id="CVE-2015-0822" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>MozillaFirefox was updated to version 31.5.0 ESR to fix five security issues.

These security issues were fixed:
- CVE-2015-0836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.5 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597).
- CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5 allowed remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic (bnc#917597).
- CVE-2015-0835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597).
- CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation (bnc#917597).
- CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 31.5 allowed remote attackers to read arbitrary files via crafted JavaScript code (bnc#917597).
  </description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>