This update fixes the following security issues in MozillaFirefox: - MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 (bmo#1109889, bmo#1111737, bmo#1026774, bmo#1027300, bmo#1054538, bmo#1067473, bmo#1070962, bmo#1072130, bmo#1072871, bmo#1098583) Miscellaneous memory safety hazards (rv:35.0 / rv:31.4) - MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header - MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses - MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC
Also Mozilla NSS was updated to 3.17.3 to fix: * The QuickDER decoder now decodes lengths robustly (bmo#1064670/CVE-2014-1569) * Support for TLS_FALLBACK_SCSV has been added to the ssltap and tstclnt utilities * Changes in CA certificates
openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 8