Overview

File _patchinfo of Package patchinfo.3294

<patchinfo incident="3294">
  <issue id="894370" tracker="bnc">VUL-0: MozillaFirefox 32/31.1 security release</issue>
  <issue id="900639" tracker="bnc">firefox stopped to spell check - needs external dictionaries</issue>
  <issue id="908009" tracker="bnc">VUL-0: MozillaFirefox: Firefox 34/Firefox ESR 31.3/Thunderbird 31.3</issue>
  <issue id="900941" tracker="bnc">VUL-0: MozillaFirefox 33 security release</issue>
  <issue id="CVE-2014-1582" tracker="cve" />
  <issue id="CVE-2014-1583" tracker="cve" />
  <issue id="CVE-2014-1580" tracker="cve" />
  <issue id="CVE-2014-1581" tracker="cve" />
  <issue id="CVE-2014-1586" tracker="cve" />
  <issue id="CVE-2014-1587" tracker="cve" />
  <issue id="CVE-2014-1584" tracker="cve" />
  <issue id="CVE-2014-1585" tracker="cve" />
  <issue id="CVE-2014-1588" tracker="cve" />
  <issue id="CVE-2014-1589" tracker="cve" />
  <issue id="CVE-2014-1593" tracker="cve" />
  <issue id="CVE-2014-1590" tracker="cve" />
  <issue id="CVE-2014-1592" tracker="cve" />
  <issue id="CVE-2014-1577" tracker="cve" />
  <issue id="CVE-2014-1576" tracker="cve" />
  <issue id="CVE-2014-1575" tracker="cve" />
  <issue id="CVE-2014-1574" tracker="cve" />
  <issue id="CVE-2014-1591" tracker="cve" />
  <issue id="CVE-2014-1578" tracker="cve" />
  <issue id="CVE-2014-1594" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>wrosenauer</packager>
  <description>seamonkey was updated to version 2.31 to fix 20 security issues.

These security issues were fixed:
- Miscellaneous memory safety hazards (CVE-2014-1587, CVE-2014-1588).
- XBL bindings accessible via improper CSS declarations (CVE-2014-1589).
- XMLHttpRequest crashes with some input streams (CVE-2014-1590).
- CSP leaks redirect data via violation reports (CVE-2014-1591).
- Use-after-free during HTML5 parsing (CVE-2014-1592).
- Buffer overflow while parsing media content (CVE-2014-1593).
- Bad casting from the BasicThebesLayer to BasicContainerLayer (CVE-2014-1594).
- Miscellaneous memory safety hazards (CVE-2014-1574, CVE-2014-1575).
- Buffer overflow during CSS manipulation (CVE-2014-1576).
- Web Audio memory corruption issues with custom waveforms (CVE-2014-1577).
- Out-of-bounds write with WebM video (CVE-2014-1578).
- Further uninitialized memory use during GIF rendering (CVE-2014-1580).
- Use-after-free interacting with text directionality (CVE-2014-1581).
- Key pinning bypasses (CVE-2014-1582, CVE-2014-1584).
- Inconsistent video sharing within iframe (CVE-2014-1585, CVE-2014-1586).
- Accessing cross-origin objects via the Alarms API (only relevant for installed web apps) (CVE-2014-1583).

This non-security issue was fixed:
- define /usr/share/myspell as additional dictionary location and remove add-plugins.sh finally (bnc#900639).
</description>
  <summary>Security update for seamonkey</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places