Bug 36374 - Firefox: Security issues from 31.2 (4.0)
Firefox: Security issues from 31.2 (4.0)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.0
Other Linux
: P5 normal (vote)
: UCS 4.0
Assigned To: Stefan Gohmann
Drees Dormann
: interim-3
: 36375 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2014-10-31 22:19 CET by Stefan Gohmann
Modified: 2014-11-26 06:54 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Gohmann univentionstaff 2014-10-31 22:19:57 CET
Needs to be merged to UCS 4.0.

+++ This bug was initially created as a clone of Bug #36175 +++

We need to migrate to the new ESR31 series, ESR24 is no longer supported.

Memory corruption in the browser engine (CVE-2014-1574) 
Buffer overflow in CSS parsing (CVE-2014-1576)
Memory corruption in Web Audio (CVE-2014-1577)
Out-of-bounds write in WebM playback (CVE-2014-1578)
Use-after-free in text rendering (CVE-2014-1581)
Information leak in WebRTC (CVE-2014-1585, CVE-2014-1586)
Bypass of the same-origin policy (CVE-2014-1583)
Comment 1 Stefan Gohmann univentionstaff 2014-10-31 22:34:06 CET
*** Bug 36375 has been marked as a duplicate of this bug. ***
Comment 2 Stefan Gohmann univentionstaff 2014-11-01 00:46:01 CET
Firefox has been updated: r55226 + r55228
Changelog: r55227
Comment 3 Drees Dormann univentionstaff 2014-11-03 17:24:05 CET
Firefox ESR31 is installed on a new i386 or amd64 system

changelog ok
Comment 4 Stefan Gohmann univentionstaff 2014-11-26 06:54:32 CET
UCS 4.0-0 has been released:

If this error occurs again, please use "Clone This Bug".