| Revision Date: | 2015-02-26 | Version: | 1 |
| Title: | Security update for MozillaFirefox (Important) |
| Description: |
MozillaFirefox was updated to version 31.5.0 ESR to fix five security issues.
These security issues were fixed: - CVE-2015-0836: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.5 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597). - CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect function in Mozilla Firefox before 31.5 allowed remote attackers to obtain sensitive information from uninitialized process memory via a malformed SVG graphic (bnc#917597). - CVE-2015-0835: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bnc#917597). - CVE-2015-0831: Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 31.5 allowed remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted content that is improperly handled during IndexedDB index creation (bnc#917597). - CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before 31.5 allowed remote attackers to read arbitrary files via crafted JavaScript code (bnc#917597).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 917597
CVE-2015-0822
CVE-2015-0827
CVE-2015-0831
CVE-2015-0835
CVE-2015-0836
SUSE-SU-2015:0412-1
|
| Platform(s): | SUSE Linux Enterprise Desktop 12
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Desktop 12 is installed AND Package Information
MozillaFirefox-31.5.0esr-24.1 is installed
OR MozillaFirefox-translations-31.5.0esr-24.1 is installed
|