Bug 39338 - Firefox: Security issues from 38.3 (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
P5 normal
UCS 3.2-7-errata
Assigned To: Janek Walkenhorst
Philipp Hahn
https://www.mozilla.org/en-US/securit...
Reported: 2015-09-14 16:10 CEST by Arvid Requate
Modified: 2015-10-28 12:31 CET
Bug group (optional): Security
requate: Patch_Available+


Description Arvid Requate univentionstaff 2015-09-14 16:10:38 CEST
Firefox ESR 38.2.1 fixes these issues:

* Firefox Addon bypass dialog and spoof vulnerability (CVE-2015-4498)
* use-after-free (& crash) after style flush in CanvasRenderingContext2D (CVE-2015-4497)
* Mozilla Firefox nsIPresShell Use-After-Free Remote Code Execution Vulnerability
Comment 1 Arvid Requate univentionstaff 2015-09-22 19:04:39 CEST
Firefox ESR 38.3 fixes these issues:

* Memory-safety bugs in NetworkUtils.cpp generally (CVE-2015-4517)
* Memory-safety bugs in ConvertDialogOptions (CVE-2015-4521)
* Overflow in nsUnicodeToUTF8::GetMaxLength can create memory-safety bugs in callers (CVE-2015-4522)
* Overflow in nsAttrAndChildArray::GrowBy causes memory-safety bug (CVE-2015-7174)
* Overflow in XULContentSinkImpl::AddText causes memory-safety bug (CVE-2015-7175)
* Bad sscanf argument in AnimationThread overruns stack variable (CVE-2015-7176)
* Memory-safety bug in InitTextures (CVE-2015-7177)
* Mishandling return status in ReadbackResultWriterD3D11::Run might cause memory-safety bug (CVE-2015-7180)
* CORS preflight cache poisoning with the credentials flag (CVE-2015-4520)
* CORS preflight cache poisoning with a CORS header being mistaken with another CORS header
* Information leakage: Dragging and dropping image to <textbox> pastes final URL of image after redirects (CVE-2015-4519)
* HTMLVideoElement Use-After-Free Remote Code Execution (CVE-2015-4509)
* Heap-buffer-overflow due to overflow in nestegg_track_codec_data (MFSA-2015-105)
* maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file in vp9_init_context_buffers (CVE-2015-4506)
* memory safety problems and crashes that affect Firefox ESR 38.2 (CVE-2015-4500)
Comment 2 Arvid Requate univentionstaff 2015-09-23 11:45:29 CEST
MFSA-2015-105 is CVE-2015-4511, so:

* Heap-buffer-overflow due to overflow in nestegg_track_codec_data (CVE-2015-4511)
Comment 3 Janek Walkenhorst univentionstaff 2015-09-25 11:04:56 CEST
Advisories:
firefox-de.yaml
firefox-en.yaml
Comment 4 Philipp Hahn univentionstaff 2015-10-27 13:02:23 CET
OK: apt-get install firefox-de=1:38.2.0esr-1.60.201508181738
OK: apt-get install firefox-de
OK: apt-get purge firefox-de
OK: apt-get install firefox-de

OK: apt-get install firefox-en=1:38.2.0esr-1.55.201508181735
OK: apt-get install firefox-en
OK: apt-get purge firefox-en
OK: apt-get install firefox-en

OK: about: 38.3.0
OK: amd64 i386
OK: https://www.google.de/
OK: https://www.univention.de/
OK: https://forge.univention.org/
OK: http://www.tagesschau.de/
OK: https://www.youtube.com/

OK: 2015-09-24-firefox-??.yaml
OK: announce_errata -V 2015-09-24-firefox-de.yaml
OK: announce_errata -V 2015-09-24-firefox-en.yaml