Overview

File _patchinfo of Package patchinfo.1411

<patchinfo incident="1411">
  <issue id="952810" tracker="bnc">VUL-0: MozillaFirefox 42 security release</issue>
  <issue id="908275" tracker="bnc">Firefox will not print in landscape orientation</issue>
  <issue id="CVE-2015-7188" tracker="cve" />
  <issue id="CVE-2015-7200" tracker="cve" />
  <issue id="CVE-2015-4513" tracker="cve" />
  <issue id="CVE-2015-7194" tracker="cve" />
  <issue id="CVE-2015-7189" tracker="cve" />
  <issue id="CVE-2015-7197" tracker="cve" />
  <issue id="CVE-2015-7196" tracker="cve" />
  <issue id="CVE-2015-7193" tracker="cve" />
  <issue id="CVE-2015-7183" tracker="cve" />
  <issue id="CVE-2015-7182" tracker="cve" />
  <issue id="CVE-2015-7181" tracker="cve" />
  <issue id="CVE-2015-7198" tracker="cve" />
  <issue id="CVE-2015-7199" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>
This Mozilla Firefox, NSS and NSPR update fixes the following security
and non security issues.

- mozilla-nspr was updated to version 4.10.10 (bsc#952810)
  * MFSA 2015-133/CVE-2015-7183
    (bmo#1205157)
    NSPR memory corruption issues

- mozilla-nss was updated to 3.19.2.1 (bsc#952810)
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182
    (bmo#1192028, bmo#1202868)
    NSS and NSPR memory corruption issues

- MozillaFirefox was updated to 38.4.0 ESR (bsc#952810)
  * MFSA 2015-116/CVE-2015-4513
    (bmo#1107011, bmo#1191942, bmo#1193038, bmo#1204580,
     bmo#1204669, bmo#1204700, bmo#1205707, bmo#1206564,
     bmo#1208665, bmo#1209471, bmo#1213979)
    Miscellaneous memory safety hazards (rv:42.0 / rv:38.4)
  * MFSA 2015-122/CVE-2015-7188
    (bmo#1199430)
    Trailing whitespace in IP address hostnames can bypass
    same-origin policy
  * MFSA 2015-123/CVE-2015-7189
    (bmo#1205900)
    Buffer overflow during image interactions in canvas
  * MFSA 2015-127/CVE-2015-7193
    (bmo#1210302)
    CORS preflight is bypassed when non-standard Content-Type
    headers are received
  * MFSA 2015-128/CVE-2015-7194
    (bmo#1211262)
    Memory corruption in libjar through zip files
  * MFSA 2015-130/CVE-2015-7196
    (bmo#1140616)
    JavaScript garbage collection crash with Java applet
  * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200
    (bmo#1204061, bmo#1188010, bmo#1204155)
    Vulnerabilities found through code inspection
  * MFSA 2015-132/CVE-2015-7197
    (bmo#1204269)
    Mixed content WebSocket policy bypass through workers
  * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183
    (bmo#1202868, bmo#1192028, bmo#1205157)
    NSS and NSPR memory corruption issues
- fix printing on landscape media (bsc#908275)
</description>
  <summary>Security update for MozillaFirefox, mozilla-nspr, mozilla-nss</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places