Bug 39786

Summary: Firefox: Security issues from 38.4 (3.2)
Product: UCS
Reporter: Arvid Requate <requate>
Component: Security updates
Assignee: Janek Walkenhorst <walkenhorst>
Status: CLOSED FIXED
QA Contact: Philipp Hahn <hahn>
Severity: normal
Priority: P5
CC: gohmann, walkenhorst
Version: UCS 3.2
Flags: requate: Patch_Available+
Target Milestone: UCS 3.2-8-errata
Hardware: Other
OS: Linux
URL: https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
Bug group (optional): Security
Bug Depends on: 39785, 40025

Description Arvid Requate univentionstaff 2015-11-04 21:11:27 CET
+++ This bug was initially created as a clone of Bug #39785 +++

Firefox ESR 38.4 fixes these issues:

* ASan: use-after-poison in sec_asn1d_parse_leaf() (CVE-2015-7181)
* ASN.1 decoder heap overflow when decoding constructed OCTET STRING (CVE-2015-7182)
* NSPR overflow in PL_ARENA_ALLOCATE can lead to crash (under ASAN), potential memory corruption (CVE-2015-7183)
* WebSocket secure requirements can be bypassed in a worker (CVE-2015-7197)
* Overflow in TextureStorage11 can cause memory-safety bug (CVE-2015-7198)
* Missing status checks in AddWeightedPathSegLists and SVGPathSegListSMILType::Interpolate cause memory-safety bugs (CVE-2015-7199)
* Missing status check in CryptoKey creates potential security bug (CVE-2015-7200)
* crashes in GC with Java applet (CVE-2015-7196) [only affected when java plugin is enabled]
* Arbitrary memory access in libjar (libxul) (CVE-2015-7194)
* CORS does a simple instead of preflighted request for POST with non-standard Content-Type header (CVE-2015-7193)
* Heap Buffer Overflow in nsJPEGEncoder (CVE-2015-7189)
* White-spaces in host IP address, leading to same origin policy bypass (CVE-2015-7188)
* Memory safety bugs fixed in Firefox ESR 38.4 and Firefox 42. (CVE-2015-4513)

Comment 1 Janek Walkenhorst univentionstaff 2015-11-26 18:04:50 CET
Tests (i386): OK
Advisories: firefox-{de,en}.yaml r65966

Comment 2 Philipp Hahn univentionstaff 2015-12-04 14:30:37 CET
OK: apt-get install firefox-en=1:38.3.0esr-ucs-3.2.58.201509241907
OK: apt-get install firefox-en
OK: apt-get purge firefox-en
OK: apt-get install firefox-en
FIXED: errata-announce -V firefox-en.yaml → r66113
OK: apt-get install firefox-de=1:38.3.0esr-ucs-3.2.63.201509241916
OK: apt-get install firefox-de
OK: apt-get purge firefox-de
OK: apt-get install firefox-de
FIXED: errata-announce -V firefox-de.yaml → r66113
OK: https://www.google.de/ https://www.univention.de/ https://forge.univention.org/ http://www.tagesschau.de/ https://www.youtube.com/ about:
OK: amd64 i386
OK: firefox-??.yaml