Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="4039">
  <issue id="947003" tracker="bnc">VUL-0: MozillaFirefox 41 / 38.3.0 ESR security release</issue>
  <issue id="CVE-2015-4520" tracker="cve" />
  <issue id="CVE-2015-4521" tracker="cve" />
  <issue id="CVE-2015-4522" tracker="cve" />
  <issue id="CVE-2015-4502" tracker="cve" />
  <issue id="CVE-2015-4503" tracker="cve" />
  <issue id="CVE-2015-4500" tracker="cve" />
  <issue id="CVE-2015-4501" tracker="cve" />
  <issue id="CVE-2015-4506" tracker="cve" />
  <issue id="CVE-2015-4507" tracker="cve" />
  <issue id="CVE-2015-4504" tracker="cve" />
  <issue id="CVE-2015-4505" tracker="cve" />
  <issue id="CVE-2015-4508" tracker="cve" />
  <issue id="CVE-2015-7180" tracker="cve" />
  <issue id="CVE-2015-4509" tracker="cve" />
  <issue id="CVE-2015-7178" tracker="cve" />
  <issue id="CVE-2015-7179" tracker="cve" />
  <issue id="CVE-2015-7176" tracker="cve" />
  <issue id="CVE-2015-7177" tracker="cve" />
  <issue id="CVE-2015-7174" tracker="cve" />
  <issue id="CVE-2015-7175" tracker="cve" />
  <issue id="CVE-2015-4511" tracker="cve" />
  <issue id="CVE-2015-4510" tracker="cve" />
  <issue id="CVE-2015-4512" tracker="cve" />
  <issue id="CVE-2015-4476" tracker="cve" />
  <issue id="CVE-2015-4517" tracker="cve" />
  <issue id="CVE-2015-4516" tracker="cve" />
  <issue id="CVE-2015-4519" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>wrosenauer</packager>
  <description>MozillaFirefox was updated to Firefox 41.0 (bnc#947003)

Security issues fixed:

* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501
  Miscellaneous memory safety hazards
* MFSA 2015-97/CVE-2015-4503 (bmo#994337)
  Memory leak in mozTCPSocket to servers
* MFSA 2015-98/CVE-2015-4504 (bmo#1132467)
  Out of bounds read in QCMS library with ICC V4 profile attributes
* MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
  Site attribute spoofing on Android by pasting URL with unknown scheme
* MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
  Arbitrary file manipulation by local user through Mozilla updater
* MFSA 2015-101/CVE-2015-4506 (bmo#1192226)
  Buffer overflow in libvpx while parsing vp9 format video
* MFSA 2015-102/CVE-2015-4507 (bmo#1192401)
  Crash when using debugger with SavedStacks in JavaScript
* MFSA 2015-103/CVE-2015-4508 (bmo#1195976)
  URL spoofing in reader mode
* MFSA 2015-104/CVE-2015-4510 (bmo#1200004)
  Use-after-free with shared workers and IndexedDB
* MFSA 2015-105/CVE-2015-4511 (bmo#1200148)
  Buffer overflow while decoding WebM video
* MFSA 2015-106/CVE-2015-4509 (bmo#1198435)
  Use-after-free while manipulating HTML media content
* MFSA 2015-107/CVE-2015-4512 (bmo#1170390)
  Out-of-bounds read during 2D canvas display on Linux 16-bit
  color depth systems
* MFSA 2015-108/CVE-2015-4502 (bmo#1105045)
  Scripted proxies can access inner window
* MFSA 2015-109/CVE-2015-4516 (bmo#904886)
  JavaScript immutable property enforcement can be bypassed
* MFSA 2015-110/CVE-2015-4519 (bmo#1189814)
  Dragging and dropping images exposes final URL after redirects
* MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
  Errors in the handling of CORS preflight request headers
* MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
  CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
  CVE-2015-7180
  Vulnerabilities found through code inspection
* MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
  bmo#1190526) (Windows only)
  Memory safety errors in libGLES in the ANGLE graphics library
* MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
  Information disclosure via the High Resolution Time API
</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places