Overview

File _patchinfo of Package patchinfo.317

<patchinfo incident="317">
  <issue id="910669" tracker="bnc">MozillaFirefox 35/31.4.0 security release</issue>
  <issue id="909563" tracker="bnc">MozillaFirefox displays error messages for addons.xpi during startup from terminal.</issue>
  <issue id="910647" tracker="bnc"></issue>
  <issue id="CVE-2014-8641" tracker="cve" />
  <issue id="CVE-2014-8639" tracker="cve" />
  <issue id="CVE-2014-8638" tracker="cve" />
  <issue id="CVE-2014-8635" tracker="cve" />
  <issue id="CVE-2014-8634" tracker="cve" />
  <issue id="CVE-2014-1569" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>
This update fixes the following security issues in MozillaFirefox:
- MFSA 2015-01/CVE-2014-8634/CVE-2014-8635
   (bmo#1109889, bmo#1111737, bmo#1026774, bmo#1027300,
     bmo#1054538, bmo#1067473, bmo#1070962, bmo#1072130,
     bmo#1072871, bmo#1098583)
    Miscellaneous memory safety hazards (rv:35.0 / rv:31.4)
- MFSA 2015-03/CVE-2014-8638
   (bmo#1080987)
   sendBeacon requests lack an Origin header
- MFSA 2015-04/CVE-2014-8639
  (bmo#1095859)
  Cookie injection through Proxy Authenticate responses
- MFSA 2015-06/CVE-2014-8641
  (bmo#1108455)
  Read-after-free in WebRTC

Also Mozilla NSS was updated to 3.17.3 to fix:
* The QuickDER decoder now decodes lengths robustly
  (bmo#1064670/CVE-2014-1569)
* Support for TLS_FALLBACK_SCSV has been added to the ssltap
  and tstclnt utilities
* Changes in CA certificates
</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places