openSUSE Security Update : xulrunner (openSUSE-2015-966)
Critical Nessus Plugin ID 87635
SynopsisThe remote openSUSE host is missing a security update.
DescriptionXulrunner was updated to 38.5.0 to fix several security issues.
The following vulnerabilities were fixed (boo#959277) :
- CVE-2015-7201: Miscellaneous memory safety hazards
- CVE-2015-7210: Use-after-free in WebRTC when datachannel is used after being destroyed
- CVE-2015-7212: Integer overflow allocating extremely large textures
- CVE-2015-7205: Underflow through code inspection
- CVE-2015-7213: Integer overflow in MP4 playback in 64-bit versions
- CVE-2015-7222: Integer underflow and buffer overflow processing MP4 metadata in libstagefright
- CVE-2015-7214: Cross-site reading attack through data and view-source URIs
SolutionUpdate the affected xulrunner packages.