openSUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________
Announcement ID: openSUSE-SU-2015:0077-1 Rating: important References: #908892 #910669 Cross-References: CVE-2014-8634 CVE-2014-8635 CVE-2014-8636 CVE-2014-8637 CVE-2014-8638 CVE-2014-8639 CVE-2014-8640 CVE-2014-8641 CVE-2014-8642 CVE-2014-8643 Affected Products: openSUSE 13.1 ______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
MozillaFirefox was updated to version 35.0 (bnc#910669)
Notable features: * Firefox Hello with new rooms-based conversations model * Implemented HTTP Public Key Pinning Extension (for enhanced authentication of encrypted connections)
Security fixes: * MFSA 2015-01/CVE-2014-8634/CVE-2014-8635 Miscellaneous memory safety hazards * MFSA 2015-02/CVE-2014-8637 (bmo#1094536) Uninitialized memory use during bitmap rendering * MFSA 2015-03/CVE-2014-8638 (bmo#1080987) sendBeacon requests lack an Origin header * MFSA 2015-04/CVE-2014-8639 (bmo#1095859) Cookie injection through Proxy Authenticate responses * MFSA 2015-05/CVE-2014-8640 (bmo#1100409) Read of uninitialized memory in Web Audio * MFSA 2015-06/CVE-2014-8641 (bmo#1108455) Read-after-free in WebRTC * MFSA 2015-07/CVE-2014-8643 (bmo#1114170) (Windows-only) Gecko Media Plugin sandbox escape * MFSA 2015-08/CVE-2014-8642 (bmo#1079658) Delegated OCSP responder certificates failure with id-pkix-ocsp-nocheck extension * MFSA 2015-09/CVE-2014-8636 (bmo#987794) XrayWrapper bypass through DOM objects
- obsolete tracker-miner-firefox < 0.15 because it leads to startup crashes (bnc#908892)
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch openSUSE-2015-40
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.1 (i586 x86_64):
MozillaFirefox-35.0-54.2 MozillaFirefox-branding-upstream-35.0-54.2 MozillaFirefox-buildsymbols-35.0-54.2 MozillaFirefox-debuginfo-35.0-54.2 MozillaFirefox-debugsource-35.0-54.2 MozillaFirefox-devel-35.0-54.2 MozillaFirefox-translations-common-35.0-54.2 MozillaFirefox-translations-other-35.0-54.2
References:
http://support.novell.com/security/cve/CVE-2014-8634.html http://support.novell.com/security/cve/CVE-2014-8635.html http://support.novell.com/security/cve/CVE-2014-8636.html http://support.novell.com/security/cve/CVE-2014-8637.html http://support.novell.com/security/cve/CVE-2014-8638.html http://support.novell.com/security/cve/CVE-2014-8639.html http://support.novell.com/security/cve/CVE-2014-8640.html http://support.novell.com/security/cve/CVE-2014-8641.html http://support.novell.com/security/cve/CVE-2014-8642.html http://support.novell.com/security/cve/CVE-2014-8643.html https://bugzilla.suse.com/show_bug.cgi?id=908892 https://bugzilla.suse.com/show_bug.cgi?id=910669