Bug 40274 - Firefox: Security issues from 38.5 (3.2)
Firefox: Security issues from 38.5 (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-8-errata
Assigned To: Daniel Tröder
Philipp Hahn
https://www.mozilla.org/en-US/securit...
:
Depends on: 40272 40273
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-16 19:54 CET by Arvid Requate
Modified: 2016-02-04 16:36 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2015-12-16 19:54:03 CET
+++ This bug was initially created as a clone of Bug #40273 +++

+++ This bug was initially created as a clone of Bug #40272 +++

Firefox ESR 38.5 fixes these issues:

* cross-origin restriction bypass using data: and view-source: uri scheme (CVE-2015-7214)
* potential underflow in 'covr', unchecked allocation and copy in Metadata::setData (CVE-2015-7222)
* integer underflow in covr MPEG4 processing (no cve? mfsa2015-147)
* 64bit: Overflow in MPEG4Extractor::readMetaData causes memory-safety bug (CVE-2015-7213)
* Underflow in RTPReceiverVideo::ParseRtpPacket causes memory-safety bug and information leak (CVE-2015-7205)
* Memset crash in mozilla::layers::BufferTextureClient::AllocateForSurface (CVE-2015-7212)
* UAF due to DataChannelConnection not Destroy()ed before deletion (CVE-2015-7210)
* Memory safety bugs fixed in Firefox ESR 38.5 and Firefox 43. (CVE-2015-7201)
Comment 1 Arvid Requate univentionstaff 2016-01-11 14:09:35 CET
Firefox ESR 38.5.2:

* Prevent MD5 Downgrade in TLS 1.2 Signatures (CVE-2015-7575)
Comment 2 Daniel Tröder univentionstaff 2016-01-26 11:50:25 CET
Updated and build in 66957 and 66960.
Comment 3 Philipp Hahn univentionstaff 2016-01-26 14:51:18 CET
OK: apt-get install firefox-en=1:38.4.0esr-ucs-3.2.62.201511261748
OK: apt-get install firefox-en # 1:38.5.2esr-ucs-4.1.63.201601260929
OK: apt-get purge firefox-en
OK: apt-get install firefox-en
OK: apt-get remove firefox-en
OK: apt-get purge firefox-en

OK: apt-get install firefox-de=1:38.4.0esr-ucs-3.2.67.201511261747
OK: apt-get install firefox-de # 1:38.5.2esr-ucs-4.1.68.201601260931
OK: apt-get purge firefox-de
OK: apt-get install firefox-de
OK: apt-get remove firefox-de
OK: apt-get purge firefox-de

OK: https://www.google.de/
OK: https://www.univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: https://www.youtube.com/
OK: about: 38.5.2

OK: amd64
OK: i386

OK: errata-announce -V firefox-en.yaml
OK: errata-announce -V firefox-de.yaml
OK: firefox-??.yaml

r66973 | Bug #40272,Bug #40273,Bug #40274 Firefox: CVE-2015-7575
Comment 4 Arvid Requate univentionstaff 2016-01-26 16:43:27 CET
Note: ESR 38.6 will be released later today:

https://wiki.mozilla.org/RapidRelease/Calendar#Future_branch_dates
Comment 5 Arvid Requate univentionstaff 2016-01-26 22:19:41 CET
Firefox ESR 38.6 fixes these issues:

* global-buffer-overflow (write) at BufferSubData (CVE-2016-1935)
* Memory safety bugs fixed in Firefox ESR 38.6 and Firefox 44. (CVE-2016-1930)
* Prevent MD5 Downgrade in TLS 1.2 Signatures (CVE-2015-7575) [again? strange, maybe an updated patch?]
Comment 6 Daniel Tröder univentionstaff 2016-01-27 10:06:06 CET
Updated and compiled: 66988 + 66989
Comment 7 Philipp Hahn univentionstaff 2016-01-27 14:54:16 CET
OK: apt-get install firefox-en=1:38.4.0esr-ucs-4.0.61.201511191931
OK: apt-get install firefox-en # 1:38.6.0esr-ucs-4.0.68.201601270954
OK: apt-get purge firefox-en
OK: apt-get install firefox-en
OK: apt-get remove firefox-en
OK: apt-get purge firefox-en

OK: apt-get install firefox-de=1:38.4.0esr-ucs-4.0.66.201511191929
OK: apt-get install firefox-de # 1:38.6.0esr-ucs-4.0.72.201601270956
OK: apt-get purge firefox-de
OK: apt-get install firefox-de
OK: apt-get remove firefox-de
OK: apt-get purge firefox-de

OK: https://www.google.de/
OK: https://www.univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: https://www.youtube.com/
OK: about: # 38.6

OK: amd64
OK: i386

OK: errata-announce -V firefox-en.yaml
OK: errata-announce -V firefox-de.yaml
OK: firefox-??.yaml
Comment 8 Philipp Hahn univentionstaff 2016-01-27 15:30:07 CET
(In reply to Philipp Hahn from comment #7)
Wrong bug/version:

OK: apt-get install firefox-en=1:38.4.0esr-ucs-3.2.62.201511261748
OK: apt-get install firefox-en # 1:38.6.0esr-ucs-3.2.67.201601270950
OK: apt-get purge firefox-en
OK: apt-get install firefox-en
OK: apt-get remove firefox-en
OK: apt-get purge firefox-en

OK: apt-get install firefox-de=1:38.4.0esr-ucs-3.2.67.201511261747
OK: apt-get install firefox-de # 1:38.6.0esr-ucs-3.2.71.201601270951
OK: apt-get purge firefox-de
OK: apt-get install firefox-de
OK: apt-get remove firefox-de
OK: apt-get purge firefox-de

OK: https://www.google.de/
OK: https://www.univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: https://www.youtube.com/
OK: about:

OK: amd64
OK: i386

OK: errata-announce -V firefox-en.yaml
OK: errata-announce -V firefox-de.yaml
OK: firefox-??.yaml