Overview

File _patchinfo of Package patchinfo.754

<patchinfo incident="754">
  <issue id="935979" tracker="bnc">VUL-0: MozillaFirefox 39 security release</issue>
 <issue id="856315" tracker="bnc">FIPS: mozilla-nss tracker bug</issue>
  <issue id="935033" tracker="bnc">VUL-0: mozilla-nss: The Logjam Attack / weakdh.org</issue>
  <issue id="CVE-2015-2736" tracker="cve" />
  <issue id="CVE-2015-2724" tracker="cve" />
  <issue id="CVE-2015-2730" tracker="cve" />
  <issue id="CVE-2015-2743" tracker="cve" />
  <issue id="CVE-2015-2740" tracker="cve" />
  <issue id="CVE-2015-2725" tracker="cve" />
  <issue id="CVE-2015-2728" tracker="cve" />
  <issue id="CVE-2015-2739" tracker="cve" />
  <issue id="CVE-2015-2738" tracker="cve" />
  <issue id="CVE-2015-2737" tracker="cve" />
  <issue id="CVE-2015-2721" tracker="cve" />
  <issue id="CVE-2015-2735" tracker="cve" />
  <issue id="CVE-2015-2734" tracker="cve" />
  <issue id="CVE-2015-2733" tracker="cve" />
  <issue id="CVE-2015-2722" tracker="cve" />
  <issue id="CVE-2015-2726" tracker="cve" />
  <issue id="CVE-2015-4000" tracker="cve" />
  <name>MozillaFirefox-201507</name>
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>MozillaFirefox, mozilla-nspr and  mozilla-nss were updated to fix 17 security issues.

For more details please check the changelogs.
- CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards (bsc#935979).
- CVE-2015-2728: Type confusion in Indexed Database Manager (bsc#935979).
- CVE-2015-2730: ECDSA signature validation fails to handle some signatures correctly (bsc#935979).
- CVE-2015-2722/CVE-2015-2733: Use-after-free in workers while using XMLHttpRequest (bsc#935979).
- CVE-2015-2734/CVE-2015-2735/CVE-2015-2736/CVE-2015-2737/CVE-2015-2738/CVE-2015-2739/CVE-2015-2740: Vulnerabilities found through code inspection (bsc#935979).
- CVE-2015-2743: Privilege escalation in PDF.js (bsc#935979).
- CVE-2015-4000: NSS accepts export-length DHE keys with regular DHE cipher suites (bsc#935033).
- CVE-2015-2721: NSS incorrectly permits skipping of ServerKeyExchange (bsc#935979).
</description>
  <summary>Security update for MozillaFirefox, mozilla-nspr, mozilla-nss</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places