Bug 36175 - Firefox: Security issues from 31.2 (3.2)
Firefox: Security issues from 31.2 (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-3-errata
Assigned To: Janek Walkenhorst
Philipp Hahn
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-10-15 14:20 CEST by Moritz Muehlenhoff
Modified: 2014-10-30 14:14 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2014-10-15 14:20:24 CEST
We need to migrate to the new ESR31 series, ESR24 is no longer supported.

Memory corruption in the browser engine (CVE-2014-1574) 
Buffer overflow in CSS parsing (CVE-2014-1576)
Memory corruption in Web Audio (CVE-2014-1577)
Out-of-bounds write in WebM playback (CVE-2014-1578)
Use-after-free in text rendering (CVE-2014-1581)
Information leak in WebRTC (CVE-2014-1585, CVE-2014-1586)
Bypass of the same-origin policy (CVE-2014-1583)
Comment 1 Janek Walkenhorst univentionstaff 2014-10-28 17:09:55 CET
Imported 31.2.0 ESR
Tests (i386): OK
Advisories: 2014-10-28-firefox-{de,en}.yaml
Comment 2 Philipp Hahn univentionstaff 2014-10-28 17:52:51 CET
OK: apt-cache policy firefox-de firefox-en
OK: about: 31.2.0
OK: amd64 i386
OK: firefox-{en,de}
OK: http://google.de/
OK: http://univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: http://youtube.com/
OK: /usr/sbin/announce_errata -V 2014-10-28-firefox-de.yaml
OK: /usr/sbin/announce_errata -V 2014-10-28-firefox-en.yaml
OK: errata-test firefox-de
OK: Update, Replace, Install
Comment 3 Janek Walkenhorst univentionstaff 2014-10-30 14:14:25 CET
http://errata.univention.de/ucs/3.2/231.html
Comment 4 Janek Walkenhorst univentionstaff 2014-10-30 14:14:38 CET
http://errata.univention.de/ucs/3.2/232.html