Bug 40025 – Firefox: Security issues from 38.4 (4.1)

Bug 40025 - Firefox: Security issues from 38.4 (4.1)


Summary:	Firefox: Security issues from 38.4 (4.1)

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	Security updates
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-0-errata
Assigned To:	Janek Walkenhorst
QA Contact:	Philipp Hahn

URL:	https://www.mozilla.org/en-US/securit...
Keywords:

Depends on:
Blocks:	39785 39786
	Show dependency tree / graph

Reported:	2015-11-18 18:41 CET by Arvid Requate
Modified:	2016-10-05 12:46 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Security Issue
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):	Security
Max CVSS v3 score:

Flags:	requate: Patch_Available+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Arvid Requate

2015-11-18 18:41:39 CET

+++ This bug was initially created as a clone of Bug #39785 +++

Firefox ESR 38.4 fixes these issues:

* ASan: use-after-poison in sec_asn1d_parse_leaf() (CVE-2015-7181)
* ASN.1 decoder heap overflow when decoding constructed OCTET STRING (CVE-2015-7182)
* NSPR overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption (CVE-2015-7183)
* WebSocket secure requirements can be bypassed in a worker (CVE-2015-7197)
* Overflow in TextureStorage11 can cause memory-safety bug (CVE-2015-7198)
* Missing status checks in AddWeightedPathSegLists and SVGPathSegListSMILType::Interpolate cause memory-safety bugs (CVE-2015-7199)
* Missing status check in CryptoKey creates potential security bug (CVE-2015-7200)
* crashes in GC with Java applet (CVE-2015-7196) [only affected when java plugin is enabled]
* Arbitrary memory access in libjar (libxul) (CVE-2015-7194)
* CORS does a simple instead of preflighted request for POST with non-standard Content-Type header (CVE-2015-7193)
* Heap Buffer Overflow in nsJPEGEncoder (CVE-2015-7189)
* White-spaces in host IP address, leading to same origin policy bypass (CVE-2015-7188)
* Memory safety bugs fixed in Firefox ESR 38.4 and Firefox 42. (CVE-2015-4513)

Comment 1 Janek Walkenhorst

2015-11-19 19:39:13 CET

Tests: OK
Advisories: firefox-{de,en}.yaml

Comment 2 Philipp Hahn

2015-11-24 16:46:35 CET

OK: apt-get install firefox-de=1:38.3.0esr-ucs-4.0.64.201509241919
OK: apt-get install firefox-de # 1:38.4.0esr-ucs-4.1.65.201511191913
OK: apt-get purge firefox-de
OK: apt-get install firefox-de

OK: apt-get install firefox-en=1:38.3.0esr-ucs-4.0.59.201509241923
OK: apt-get install firefox-en # 1:38.4.0esr-ucs-4.1.60.201511191915
OK: apt-get purge firefox-en
OK: apt-get install firefox-en

OK: about: 38.4.0
OK: amd64 i386
OK: https://www.google.de/
OK: https://www.univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: https://www.youtube.com/

OK: firefox-??.yaml
OK: announce_errata -V firefox-de.yaml
OK: announce_errata -V firefox-en.yaml

Comment 3 Janek Walkenhorst

2015-11-26 15:16:51 CET

<http://errata.software-univention.de/ucs/4.1/5.html>
<http://errata.software-univention.de/ucs/4.1/6.html>