SuSE Update For Mozilla OpenSUSE-SU-2014:0950-1 (Mozilla) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

update to Firefox 24.7.0 and Thunderbird 24.7.0 including fixes for * MFSA 2014-56/CVE-2014-1547/CVE-2014-1548 Miscellaneous memory safety hazards * MFSA 2014-61/CVE-2014-1555 (bmo#1023121) Use-after-free with FireOnStateChange event * MFSA 2014-62/CVE-2014-1556 (bmo#1028891) Exploitable WebGL crash with Cesium JavaScript library * MFSA 2014-63/CVE-2014-1544 (bmo#963150) Use-after-free while when manipulating certificates in the trusted cache (solved with NSS 3.16.2 requirement) * MFSA 2014-64/CVE-2014-1557 (bmo#913805) Crash in Skia library when scaling high quality images - require NSS 3.16.2

Affected

Mozilla on openSUSE 11.4

References

http://lists.opensuse.org/opensuse-security-announce/2014-07/msg00021.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-1492, CVE-2014-1544, CVE-2014-1547, CVE-2014-1548, CVE-2014-1555, CVE-2014-1556, CVE-2014-1557
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

SLES10: Security update for gecko-sdk and mozilla-xulrunner
SLES10: Security update for libxml2
SLES10: Security update for libvorbis
SLES10: Security update for libsndfile
SLES10: Security update for IBM Java 1.4.2

SuSE Update for Mozilla openSUSE-SU-2014:0950-1 (Mozilla)

Take action and discover your vulnerabilities