Univention Bugzilla – Bug 39785
Firefox: Security issues from 38.4 (4.0)
Last modified: 2015-12-09 12:57:14 CET
Firefox ESR 38.4 fixes these issues:
* ASan: use-after-poison in sec_asn1d_parse_leaf() (CVE-2015-7181)
* ASN.1 decoder heap overflow when decoding constructed OCTET STRING (CVE-2015-7182)
* NSPR overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption (CVE-2015-7183)
* WebSocket secure requirements can be bypassed in a worker (CVE-2015-7197)
* Overflow in TextureStorage11 can cause memory-safety bug (CVE-2015-7198)
* Missing status checks in AddWeightedPathSegLists and SVGPathSegListSMILType::Interpolate cause memory-safety bugs (CVE-2015-7199)
* Missing status check in CryptoKey creates potential security bug (CVE-2015-7200)
* crashes in GC with Java applet (CVE-2015-7196) [only affected when java plugin is enabled]
* Arbitrary memory access in libjar (libxul) (CVE-2015-7194)
* CORS does a simple instead of preflighted request for POST with non-standard Content-Type header (CVE-2015-7193)
* Heap Buffer Overflow in nsJPEGEncoder (CVE-2015-7189)
* White-spaces in host IP address, leading to same origin policy bypass (CVE-2015-7188)
* Memory safety bugs fixed in Firefox ESR 38.4 and Firefox 42. (CVE-2015-4513)
Advisories: firefox-{de,en}.yaml
OK: apt-get install firefox-de=1:38.3.0esr-ucs-4.0.64.201509241919
OK: apt-get install firefox-de # 1:38.4.0esr-ucs-4.0.66.201511191929
OK: apt-get purge firefox-de
OK: apt-get install firefox-de
OK: apt-get install firefox-en=1:38.3.0esr-ucs-4.0.59.201509241923
OK: apt-get install firefox-en # 1:38.4.0esr-ucs-4.0.61.201511191931
OK: apt-get purge firefox-en
OK: apt-get install firefox-en
OK: about: 38.4.0
OK: amd64 i386
OK: https://www.google.de/
OK: https://www.univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: https://www.youtube.com/
OK: firefox-??.yaml
OK: announce_errata -V firefox-de.yaml
OK: announce_errata -V firefox-en.yaml
UCS 4.0-3 is still maintained, therefore this should be "version: [3,4]"
r65911
(In reply to Janek Walkenhorst from comment #4)
OK: r65911
OK: firefox-en.yaml
OK: firefox-de.yaml
<http://errata.software-univention.de/ucs/4.0/366.html>
<http://errata.software-univention.de/ucs/4.0/367.html>