Oval Definition: oval:org.opensuse.security:def:57332
Revision Date: 2020-12-01
Version: 1
Title: Security update for Mozilla Firefox
Description:

Mozilla Firefox has been updated to the 31.3ESR release fixing bugs and security issues.

* MFSA 2014-83 / CVE-2014-1588 / CVE-2014-1587: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

* MFSA 2014-85 / CVE-2014-1590: Security researcher Joe Vennix from Rapid7 reported that passing a JavaScript object to XMLHttpRequest that mimics an input stream will cause a crash. This crash is not exploitable and can only be used for denial of service attacks.

* MFSA 2014-87 / CVE-2014-1592: Security researcher Berend-Jan Wever reported a use-after-free created by triggering the creation of a second root element while parsing HTML written to a document created with document.open(). This leads to a potentially exploitable crash.

* MFSA 2014-88 / CVE-2014-1593: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a buffer overflow during the parsing of media content. This leads to a potentially exploitable crash.

* MFSA 2014-89 / CVE-2014-1594: Security researchers Byoungyoung Lee, Chengyu Song, and Taesoo Kim at the Georgia Tech Information Security Center (GTISC) reported a bad casting from the BasicThebesLayer to BasicContainerLayer, resulting in undefined behavior. This behavior is potentially exploitable with some compilers but no clear mechanism to trigger it through web content was identified.

* MFSA 2014-90 / CVE-2014-1595: Security researcher Kent Howard reported an Apple issue present in OS X 10.10 (Yosemite) where log files are created by the CoreGraphics framework of OS X in the /tmp local directory. These log files contain a record of all inputs into Mozilla programs during their operation. In OS X versions 10.6 through 10.9, the CoreGraphics framework had this logging ability but it was turned off by default. In OS X 10.10, this logging was turned on by default for some applications that use a custom memory allocator, such as jemalloc, because of an initialization bug in the framework. This issue has been addressed in Mozilla products by explicitly turning off the framework's logging of input events. On vulnerable systems, this issue can result in private data such as usernames, passwords, and other inputted data being saved to a log file on the local system.

Security Issues:

* CVE-2014-1587
* CVE-2014-1588
* CVE-2014-1589
* CVE-2014-1590
* CVE-2014-1591
* CVE-2014-1592
* CVE-2014-1593
* CVE-2014-1594
* CVE-2014-1595

Family: unix
Class: patch
Status:
Reference(s):
1046856
1077358
1090638
1092885
1099510
1101288
1104199
1106222
1110910
1111006
1111010
1111013
1112209
1113534
1113652
1113742
1114422
1119947
1121571
1121816
1121818
1121821
1137597
1139073
1140747
1141035
1155988
1160305
1160498
1174415
831359
908009
925502
995352
CVE-2013-4242
CVE-2014-1587
CVE-2014-1588
CVE-2014-1589
CVE-2014-1590
CVE-2014-1591
CVE-2014-1592
CVE-2014-1593
CVE-2014-1594
CVE-2014-1595
CVE-2014-3065
CVE-2014-3566
CVE-2014-4288
CVE-2014-6456
CVE-2014-6457
CVE-2014-6458
CVE-2014-6466
CVE-2014-6476
CVE-2014-6492
CVE-2014-6493
CVE-2014-6502
CVE-2014-6503
CVE-2014-6506
CVE-2014-6511
CVE-2014-6512
CVE-2014-6513
CVE-2014-6515
CVE-2014-6527
CVE-2014-6531
CVE-2014-6532
CVE-2014-6558
CVE-2014-8891
CVE-2014-8892
CVE-2015-0138
CVE-2015-0192
CVE-2015-0204
CVE-2015-0458
CVE-2015-0459
CVE-2015-0469
CVE-2015-0477
CVE-2015-0478
CVE-2015-0480
CVE-2015-0488
CVE-2015-0491
CVE-2015-1914
CVE-2015-1931
CVE-2015-2590
CVE-2015-2601
CVE-2015-2613
CVE-2015-2619
CVE-2015-2621
CVE-2015-2625
CVE-2015-2632
CVE-2015-2637
CVE-2015-2638
CVE-2015-2664
CVE-2015-2775
CVE-2015-2808
CVE-2015-4000
CVE-2015-4729
CVE-2015-4731
CVE-2015-4732
CVE-2015-4733
CVE-2015-4734
CVE-2015-4748
CVE-2015-4749
CVE-2015-4760
CVE-2015-4803
CVE-2015-4805
CVE-2015-4806
CVE-2015-4810
CVE-2015-4835
CVE-2015-4840
CVE-2015-4842
CVE-2015-4843
CVE-2015-4844
CVE-2015-4860
CVE-2015-4871
CVE-2015-4872
CVE-2015-4882
CVE-2015-4883
CVE-2015-4893
CVE-2015-4902
CVE-2015-4903
CVE-2015-4911
CVE-2015-5006
CVE-2015-5041
CVE-2015-7575
CVE-2015-7981
CVE-2015-8126
CVE-2015-8472
CVE-2015-8540
CVE-2016-0264
CVE-2016-0363
CVE-2016-0376
CVE-2016-0402
CVE-2016-0448
CVE-2016-0466
CVE-2016-0483
CVE-2016-0494
CVE-2016-0686
CVE-2016-0687
CVE-2016-3422
CVE-2016-3426
CVE-2016-3427
CVE-2016-3443
CVE-2016-3449
CVE-2016-3485
CVE-2016-3511
CVE-2016-3598
CVE-2016-6893
CVE-2017-1000083
CVE-2017-17833
CVE-2018-0618
CVE-2018-0734
CVE-2018-10839
CVE-2018-10915
CVE-2018-13796
CVE-2018-15746
CVE-2018-16884
CVE-2018-17958
CVE-2018-17962
CVE-2018-17963
CVE-2018-18849
CVE-2018-20685
CVE-2018-3639
CVE-2018-5407
CVE-2018-5950
CVE-2019-11135
CVE-2019-11139
CVE-2019-11477
CVE-2019-11478
CVE-2019-17015
CVE-2019-17016
CVE-2019-17017
CVE-2019-17021
CVE-2019-17022
CVE-2019-17024
CVE-2019-17026
CVE-2019-6109
CVE-2019-6110
CVE-2019-6111
CVE-2020-15900
SUSE-SU-2017:1893-1
SUSE-SU-2018:1614-1
SUSE-SU-2018:2991-1
SUSE-SU-2018:3866-1
SUSE-SU-2018:3909-1
SUSE-SU-2018:4237-1
SUSE-SU-2018:4296-1
SUSE-SU-2019:0125-1
SUSE-SU-2019:1924-1
SUSE-SU-2019:2988-1
SUSE-SU-2020:0068-1
SUSE-SU-2020:2097-1
Platform(s):
openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud Crowbar 8
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • dhcp-4.3.5-lp150.4 is installed
  • OR dhcp-client-4.3.5-lp150.4 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • nodejs8-8.15.1-lp151.2.3 is installed
  • OR nodejs8-devel-8.15.1-lp151.2.3 is installed
  • OR nodejs8-docs-8.15.1-lp151.2.3 is installed
  • OR npm8-8.15.1-lp151.2.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • MozillaFirefox-31.3.0esr-0.8 is installed
  • OR MozillaFirefox-translations-31.3.0esr-0.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • postgresql94-9.4.19-21.22 is installed
  • OR postgresql94-contrib-9.4.19-21.22 is installed
  • OR postgresql94-docs-9.4.19-21.22 is installed
  • OR postgresql94-server-9.4.19-21.22 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr3.50-28 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr3.50-28 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr3.50-28 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • glibc-2.22-62.13 is installed
  • OR glibc-32bit-2.22-62.13 is installed
  • OR glibc-devel-2.22-62.13 is installed
  • OR glibc-devel-32bit-2.22-62.13 is installed
  • OR glibc-html-2.22-62.13 is installed
  • OR glibc-i18ndata-2.22-62.13 is installed
  • OR glibc-info-2.22-62.13 is installed
  • OR glibc-locale-2.22-62.13 is installed
  • OR glibc-locale-32bit-2.22-62.13 is installed
  • OR glibc-profile-2.22-62.13 is installed
  • OR glibc-profile-32bit-2.22-62.13 is installed
  • OR nscd-2.22-62.13 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND clamav-0.100.2-33.18 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • libvirt-2.0.0-27.42 is installed
  • OR libvirt-client-2.0.0-27.42 is installed
  • OR libvirt-daemon-2.0.0-27.42 is installed
  • OR libvirt-daemon-config-network-2.0.0-27.42 is installed
  • OR libvirt-daemon-config-nwfilter-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-interface-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-libxl-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-lxc-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-network-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-nodedev-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-nwfilter-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-qemu-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-secret-2.0.0-27.42 is installed
  • OR libvirt-daemon-driver-storage-2.0.0-27.42 is installed
  • OR libvirt-daemon-hooks-2.0.0-27.42 is installed
  • OR libvirt-daemon-lxc-2.0.0-27.42 is installed
  • OR libvirt-daemon-qemu-2.0.0-27.42 is installed
  • OR libvirt-daemon-xen-2.0.0-27.42 is installed
  • OR libvirt-doc-2.0.0-27.42 is installed
  • OR libvirt-lock-sanlock-2.0.0-27.42 is installed
  • OR libvirt-nss-2.0.0-27.42 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND apache-commons-httpclient-3.1-4 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND squid-3.5.21-26.23 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • kernel-default-4.4.180-94.107 is installed
  • OR kernel-default-base-4.4.180-94.107 is installed
  • OR kernel-default-devel-4.4.180-94.107 is installed
  • OR kernel-default-kgraft-4.4.180-94.107 is installed
  • OR kernel-default-man-4.4.180-94.107 is installed
  • OR kernel-devel-4.4.180-94.107 is installed
  • OR kernel-macros-4.4.180-94.107 is installed
  • OR kernel-source-4.4.180-94.107 is installed
  • OR kernel-syms-4.4.180-94.107 is installed
  • OR kgraft-patch-4_4_180-94_107-default-1-4.3 is installed
  • OR kgraft-patch-SLE12-SP3_Update_29-1-4.3 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • pam_pkcs11-0.6.8-7.5 is installed
  • OR pam_pkcs11-32bit-0.6.8-7.5 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • ovmf-2017+git1510945757.b2662641d5-3.26 is installed
  • OR ovmf-tools-2017+git1510945757.b2662641d5-3.26 is installed
  • OR qemu-ovmf-x86_64-2017+git1510945757.b2662641d5-3.26 is installed
  • OR qemu-uefi-aarch64-2017+git1510945757.b2662641d5-3.26 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • openslp-2.0.0-18.17 is installed
  • OR openslp-32bit-2.0.0-18.17 is installed
  • OR openslp-server-2.0.0-18.17 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND ucode-intel-20191112a-13.56 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • kernel-default-4.4.180-94.113 is installed
  • OR kernel-default-base-4.4.180-94.113 is installed
  • OR kernel-default-devel-4.4.180-94.113 is installed
  • OR kernel-default-kgraft-4.4.180-94.113 is installed
  • OR kernel-devel-4.4.180-94.113 is installed
  • OR kernel-macros-4.4.180-94.113 is installed
  • OR kernel-source-4.4.180-94.113 is installed
  • OR kernel-syms-4.4.180-94.113 is installed
  • OR kgraft-patch-4_4_180-94_113-default-1-4.5 is installed
  • OR kgraft-patch-SLE12-SP3_Update_30-1-4.5 is installed