Univention Bugzilla – Bug 39387
Firefox: Security issues from 38.3 (4.0)
Last modified: 2015-10-28 14:00:34 CET
Firefox ESR 38.3 fixes these issues: * Memory-safety bugs in NetworkUtils.cpp generally (CVE-2015-4517) * Memory-safety bugs in ConvertDialogOptions (CVE-2015-4521) * Overflow in nsUnicodeToUTF8::GetMaxLength can create memory-safety bugs in callers (CVE-2015-4522) * Overflow in nsAttrAndChildArray::GrowBy causes memory-safety bug (CVE-2015-7174) * Overflow in XULContentSinkImpl::AddText causes memory-safety bug (CVE-2015-7175) * Bad sscanf argument in AnimationThread overruns stack variable (CVE-2015-7176) * Memory-safety bug in InitTextures (CVE-2015-7177) * Mishandling return status in ReadbackResultWriterD3D11::Run might cause memory-safety bug (CVE-2015-7180) * CORS preflight cache poisoning with the credentials flag (CVE-2015-4520) * CORS preflight cache poisoning with a CORS header being mistaken with another CORS header * Information leakage: Dragging and dropping image to <textbox> pastes final URL of image after redirects (CVE-2015-4519) * HTMLVideoElement Use-After-Free Remote Code Execution (CVE-2015-4509) * Heap-buffer-overflow due to overflow in nestegg_track_codec_data (MFSA-2015-105) * maliciously crafted vp9 format video could be used to trigger a buffer overflow while parsing the file in vp9_init_context_buffers (CVE-2015-4506) * memory safety problems and crashes that affect Firefox ESR 38.2 (CVE-2015-4500)
MFSA-2015-105 is CVE-2015-4511, so: * Heap-buffer-overflow due to overflow in nestegg_track_codec_data (CVE-2015-4511)
Advisories: firefox-de.yaml firefox-en.yaml
OK - amd64/i386 OK - firefox-de firefox-en OK - YAML
Advisories have the wrong "bug" field.
(In reply to Janek Walkenhorst from comment #4) > Advisories have the wrong "bug" field. Fixed r64930
Verified (only rechecked bug number)
<http://errata.software-univention.de/ucs/4.0/350.html> <http://errata.software-univention.de/ucs/4.0/351.html>