Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1658-1 Final 1 1 2015-09-23T11:49:46Z current 2015-09-23T11:49:46Z 2015-09-23T11:49:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox MozillaFirefox was updated to Firefox 41.0 (bnc#947003) Security issues fixed: * MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards * MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in mozTCPSocket to servers * MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds read in QCMS library with ICC V4 profile attributes * MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only) Site attribute spoofing on Android by pasting URL with unknown scheme * MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only) Arbitrary file manipulation by local user through Mozilla updater * MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when using debugger with SavedStacks in JavaScript * MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing in reader mode * MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free with shared workers and IndexedDB * MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free while manipulating HTML media content * MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds read during 2D canvas display on Linux 16-bit color depth systems * MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted proxies can access inner window * MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript immutable property enforcement can be bypassed * MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869) Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/ CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/ CVE-2015-7180 Vulnerabilities found through code inspection * MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860, bmo#1190526) (Windows only) Memory safety errors in libGLES in the ANGLE graphics library * MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only) Information disclosure via the High Resolution Time API The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html E-Mail link for openSUSE-SU-2015:1658-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings MozillaFirefox-41.0-88.1 MozillaFirefox-branding-upstream-41.0-88.1 MozillaFirefox-buildsymbols-41.0-88.1 MozillaFirefox-devel-41.0-88.1 MozillaFirefox-translations-common-41.0-88.1 MozillaFirefox-translations-other-41.0-88.1 Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as demonstrated by spoofing an SSL attribute. CVE-2015-4476 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4476.html CVE-2015-4476 https://bugzilla.suse.com/947003 SUSE Bug 947003 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4500 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4500.html CVE-2015-4500 https://bugzilla.suse.com/947003 SUSE Bug 947003 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4501 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4501.html CVE-2015-4501 https://bugzilla.suse.com/947003 SUSE Bug 947003 js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. CVE-2015-4502 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4502.html CVE-2015-4502 https://bugzilla.suse.com/947003 SUSE Bug 947003 The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application. CVE-2015-4503 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4503.html CVE-2015-4503 https://bugzilla.suse.com/947003 SUSE Bug 947003 The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image. CVE-2015-4504 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4504.html CVE-2015-4504 https://bugzilla.suse.com/947003 SUSE Bug 947003 updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. CVE-2015-4505 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4505.html CVE-2015-4505 https://bugzilla.suse.com/947003 SUSE Bug 947003 Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. CVE-2015-4506 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4506.html CVE-2015-4506 https://bugzilla.suse.com/947003 SUSE Bug 947003 The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site. CVE-2015-4507 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4507.html CVE-2015-4507 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. CVE-2015-4508 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4508.html CVE-2015-4508 https://bugzilla.suse.com/947003 SUSE Bug 947003 Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. CVE-2015-4509 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4509.html CVE-2015-4509 https://bugzilla.suse.com/947003 SUSE Bug 947003 Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation. CVE-2015-4510 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4510.html CVE-2015-4510 https://bugzilla.suse.com/947003 SUSE Bug 947003 Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. CVE-2015-4511 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4511.html CVE-2015-4511 https://bugzilla.suse.com/947003 SUSE Bug 947003 gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering. CVE-2015-4512 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4512.html CVE-2015-4512 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs. CVE-2015-4516 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4516.html CVE-2015-4516 https://bugzilla.suse.com/947003 SUSE Bug 947003 NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-4517 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4517.html CVE-2015-4517 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. CVE-2015-4519 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4519.html CVE-2015-4519 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. CVE-2015-4520 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4520.html CVE-2015-4520 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-4521 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4521.html CVE-2015-4521 https://bugzilla.suse.com/947003 SUSE Bug 947003 The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-4522 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-4522.html CVE-2015-4522 https://bugzilla.suse.com/947003 SUSE Bug 947003 The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-7174 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-7174.html CVE-2015-7174 https://bugzilla.suse.com/947003 SUSE Bug 947003 The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-7175 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-7175.html CVE-2015-7175 https://bugzilla.suse.com/947003 SUSE Bug 947003 The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7176 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-7176.html CVE-2015-7176 https://bugzilla.suse.com/947003 SUSE Bug 947003 The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7177 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-7177.html CVE-2015-7177 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. CVE-2015-7178 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-7178.html CVE-2015-7178 https://bugzilla.suse.com/947003 SUSE Bug 947003 The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content. CVE-2015-7179 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-7179.html CVE-2015-7179 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7180 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html https://www.suse.com/security/cve/CVE-2015-7180.html CVE-2015-7180 https://bugzilla.suse.com/947003 SUSE Bug 947003