| Beschreibung: | Summary:
The remote host is missing an update for the 'MozillaFirefox'
package(s) announced via the referenced advisory.
Vulnerability Insight:
- update to Firefox 40.0 (bnc#940806)
* Added protection against unwanted software downloads
* Suggested Tiles show sites of interest, based on categories from your
recent browsing history
* Hello allows adding a link to conversations to provide context
on what the conversation will be about
* New style for add-on manager based on the in-content preferences style
* Improved scrolling, graphics, and video playback performance with off
main thread compositing (GNU/Linux only)
* Graphic blocklist mechanism improved: Firefox version ranges can be
specified, limiting the number of devices blocked security fixes:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety
hazards
* MFSA 2015-80/CVE-2015-4475 (bmo#1175396) Out-of-bounds read with
malformed MP3 file
* MFSA 2015-81/CVE-2015-4477 (bmo#1179484) Use-after-free in MediaStream
playback
* MFSA 2015-82/CVE-2015-4478 (bmo#1105914) Redefinition of
non-configurable JavaScript object properties
* MFSA 2015-83/CVE-2015-4479/CVE-2015-4480/CVE-2015-4493 Overflow issues
in libstagefright
* MFSA 2015-84/CVE-2015-4481 (bmo1171518) Arbitrary file overwriting
through Mozilla Maintenance Service with hard links (only affected
Windows)
* MFSA 2015-85/CVE-2015-4482 (bmo#1184500) Out-of-bounds write with
Updater and malicious MAR file (does not affect openSUSE RPM packages
which do not ship the updater)
* MFSA 2015-86/CVE-2015-4483 (bmo#1148732) Feed protocol with POST
bypasses mixed content protections
* MFSA 2015-87/CVE-2015-4484 (bmo#1171540) Crash when using shared
memory in JavaScript
* MFSA 2015-88/CVE-2015-4491 (bmo#1184009) Heap overflow in gdk-pixbuf
when scaling bitmap images
* MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 (bmo#1177948, bmo#1178148)
Buffer overflows on Libvpx when decoding WebM video
* MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities
found through code inspection
* MFSA 2015-91/CVE-2015-4490 (bmo#1086999) Mozilla Content Security
Policy allows for asterisk wildcards in violation of CSP specification
* MFSA 2015-92/CVE-2015-4492 (bmo#1185820) Use-after-free in
XMLHttpRequest with shared workers
- added mozilla-no-stdcxx-check.patch
- removed obsolete patches
* mozilla-add-glibcxx_use_cxx11_abi.patch
* firefox-multilocale-chrome.patch
- rebased patches
- requires version 40 of the branding package
- removed browser/searchplugins/ location as it's not valid anymore
- includes security update to Firefox 39.0.3 (bnc#940918)
* MFSA 2015-78/CVE-2015-4495 (bmo#1179262, bmo#1178058) Same origin
violation and local file stealing via PDF reader
Affected Software/OS:
MozillaFirefox on openSUSE 13.1
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
