Security update for seamonkey SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1681-1 Final 1 1 2015-10-02T13:28:45Z current 2015-10-02T13:28:45Z 2015-10-02T13:28:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for seamonkey seamonkey was updated to fix 25 security issues. These security issues were fixed: - CVE-2015-4520: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header (bsc#947003). - CVE-2015-4521: The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4522: The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an 'overflow (bsc#947003). - CVE-2015-4502: js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandled certain receiver arguments, which allowed remote attackers to bypass intended window access restrictions via a crafted web site (bsc#947003). - CVE-2015-4503: The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandled array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allowed remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application (bsc#947003). - CVE-2015-4500: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003). - CVE-2015-4501: Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors (bsc#947003). - CVE-2015-4506: Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allowed remote attackers to execute arbitrary code via a crafted VP9 file (bsc#947003). - CVE-2015-4507: The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allowed remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site (bsc#947003). - CVE-2015-4504: The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allowed remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image (bsc#947003). - CVE-2015-4505: updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allowed local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service (bsc#947003). - CVE-2015-7180: The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4509: Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176 (bsc#947003). - CVE-2015-7178: The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allowed remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003). - CVE-2015-7179: The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allowed remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content (bsc#947003). - CVE-2015-7176: The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 used an incorrect argument to the sscanf function, which might allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7177: The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-7174: The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an 'overflow (bsc#947003). - CVE-2015-7175: The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an 'overflow (bsc#947003). - CVE-2015-4511: Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed remote attackers to execute arbitrary code via a crafted header in a WebM video (bsc#947003). - CVE-2015-4510: Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allowed remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation (bsc#947003). - CVE-2015-4512: gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allowed remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering (bsc#947003). - CVE-2015-4517: NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allowed remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors (bsc#947003). - CVE-2015-4516: Mozilla Firefox before 41.0 allowed remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that did not use ES5 APIs (bsc#947003). - CVE-2015-4519: Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allowed user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element (bsc#947003). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html E-Mail link for openSUSE-SU-2015:1681-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings seamonkey-2.38-56.1 seamonkey-dom-inspector-2.38-56.1 seamonkey-irc-2.38-56.1 seamonkey-translations-common-2.38-56.1 seamonkey-translations-other-2.38-56.1 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4500 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4500.html CVE-2015-4500 https://bugzilla.suse.com/947003 SUSE Bug 947003 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2015-4501 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4501.html CVE-2015-4501 https://bugzilla.suse.com/947003 SUSE Bug 947003 js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. CVE-2015-4502 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4502.html CVE-2015-4502 https://bugzilla.suse.com/947003 SUSE Bug 947003 The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application. CVE-2015-4503 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4503.html CVE-2015-4503 https://bugzilla.suse.com/947003 SUSE Bug 947003 The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image. CVE-2015-4504 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4504.html CVE-2015-4504 https://bugzilla.suse.com/947003 SUSE Bug 947003 updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operation by the Mozilla Maintenance Service. CVE-2015-4505 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4505.html CVE-2015-4505 https://bugzilla.suse.com/947003 SUSE Bug 947003 Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file. CVE-2015-4506 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4506.html CVE-2015-4506 https://bugzilla.suse.com/947003 SUSE Bug 947003 The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion failure and application exit) or possibly execute arbitrary code via a crafted web site. CVE-2015-4507 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4507.html CVE-2015-4507 https://bugzilla.suse.com/947003 SUSE Bug 947003 Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript code that modifies the URI table of a media element, aka ZDI-CAN-3176. CVE-2015-4509 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4509.html CVE-2015-4509 https://bugzilla.suse.com/947003 SUSE Bug 947003 Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and application crash) by leveraging improper interaction between shared workers and the IndexedDB implementation. CVE-2015-4510 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4510.html CVE-2015-4510 https://bugzilla.suse.com/947003 SUSE Bug 947003 Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted header in a WebM video. CVE-2015-4511 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4511.html CVE-2015-4511 https://bugzilla.suse.com/947003 SUSE Bug 947003 gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering. CVE-2015-4512 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4512.html CVE-2015-4512 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 allows remote attackers to bypass certain ECMAScript 5 (aka ES5) API protection mechanisms and modify immutable properties, and consequently execute arbitrary JavaScript code with chrome privileges, via a crafted web page that does not use ES5 APIs. CVE-2015-4516 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4516.html CVE-2015-4516 https://bugzilla.suse.com/947003 SUSE Bug 947003 NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-4517 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4517.html CVE-2015-4517 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element. CVE-2015-4519 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4519.html CVE-2015-4519 https://bugzilla.suse.com/947003 SUSE Bug 947003 Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. CVE-2015-4520 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4520.html CVE-2015-4520 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-4521 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4521.html CVE-2015-4521 https://bugzilla.suse.com/947003 SUSE Bug 947003 The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-4522 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-4522.html CVE-2015-4522 https://bugzilla.suse.com/947003 SUSE Bug 947003 The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-7174 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-7174.html CVE-2015-7174 https://bugzilla.suse.com/947003 SUSE Bug 947003 The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors, related to an "overflow." CVE-2015-7175 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-7175.html CVE-2015-7175 https://bugzilla.suse.com/947003 SUSE Bug 947003 The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7176 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-7176.html CVE-2015-7176 https://bugzilla.suse.com/947003 SUSE Bug 947003 The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7177 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-7177.html CVE-2015-7177 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted (1) OpenGL or (2) WebGL content. CVE-2015-7178 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-7178.html CVE-2015-7178 https://bugzilla.suse.com/947003 SUSE Bug 947003 The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader attribute arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via crafted (1) OpenGL or (2) WebGL content. CVE-2015-7179 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-7179.html CVE-2015-7179 https://bugzilla.suse.com/947003 SUSE Bug 947003 The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. CVE-2015-7180 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html https://www.suse.com/security/cve/CVE-2015-7180.html CVE-2015-7180 https://bugzilla.suse.com/947003 SUSE Bug 947003