openSUSE Security Update : MozillaFirefox (openSUSE-2015-619)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

MozillaFirefox was updated to Firefox 41.0 (bnc#947003)

Security issues fixed :

- MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous
memory safety hazards

- MFSA 2015-97/CVE-2015-4503 (bmo#994337) Memory leak in
mozTCPSocket to servers

- MFSA 2015-98/CVE-2015-4504 (bmo#1132467) Out of bounds
read in QCMS library with ICC V4 profile attributes

- MFSA 2015-99/CVE-2015-4476 (bmo#1162372) (Android only)
Site attribute spoofing on Android by pasting URL with
unknown scheme

- MFSA 2015-100/CVE-2015-4505 (bmo#1177861) (Windows only)
Arbitrary file manipulation by local user through
Mozilla updater

- MFSA 2015-101/CVE-2015-4506 (bmo#1192226) Buffer
overflow in libvpx while parsing vp9 format video

- MFSA 2015-102/CVE-2015-4507 (bmo#1192401) Crash when
using debugger with SavedStacks in JavaScript

- MFSA 2015-103/CVE-2015-4508 (bmo#1195976) URL spoofing
in reader mode

- MFSA 2015-104/CVE-2015-4510 (bmo#1200004) Use-after-free
with shared workers and IndexedDB

- MFSA 2015-105/CVE-2015-4511 (bmo#1200148) Buffer
overflow while decoding WebM video

- MFSA 2015-106/CVE-2015-4509 (bmo#1198435) Use-after-free
while manipulating HTML media content

- MFSA 2015-107/CVE-2015-4512 (bmo#1170390) Out-of-bounds
read during 2D canvas display on Linux 16-bit color
depth systems

- MFSA 2015-108/CVE-2015-4502 (bmo#1105045) Scripted
proxies can access inner window

- MFSA 2015-109/CVE-2015-4516 (bmo#904886) JavaScript
immutable property enforcement can be bypassed

- MFSA 2015-110/CVE-2015-4519 (bmo#1189814) Dragging and
dropping images exposes final URL after redirects

- MFSA 2015-111/CVE-2015-4520 (bmo#1200856, bmo#1200869)
Errors in the handling of CORS preflight request headers

- MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522/
CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177/
CVE-2015-7180 Vulnerabilities found through code
inspection

- MFSA 2015-113/CVE-2015-7178/CVE-2015-7179 (bmo#1189860,
bmo#1190526) (Windows only) Memory safety errors in
libGLES in the ANGLE graphics library

- MFSA 2015-114 (bmo#1167498, bmo#1153672) (Windows only)
Information disclosure via the High Resolution Time API

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=947003

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)