Please Install the Updated Packages.

Mozilla Firefox was updated to version 28.0, receiving enhancements, bug and security fixes. Mozilla NSPR was updated to 4.10.4 receiving enhancements, bug and security fixes. Mozilla NSS was updated to 3.15.5 receiving enhancements, bug and security fixes. Changes in MozillaFirefox: - update to Firefox 28.0 (bnc#868603) * MFSA 2014-15/CVE-2014-1493/CVE-2014-1494 Miscellaneous memory safety hazards * MFSA 2014-17/CVE-2014-1497 (bmo#966311) Out of bounds read during WAV file decoding * MFSA 2014-18/CVE-2014-1498 (bmo#935618) crypto.generateCRMFRequest does not validate type of key * MFSA 2014-19/CVE-2014-1499 (bmo#961512) Spoofing attack on WebRTC permission prompt * MFSA 2014-20/CVE-2014-1500 (bmo#956524) onbeforeunload and Javascript navigation DOS * MFSA 2014-22/CVE-2014-1502 (bmo#972622) WebGL content injection from one domain to rendering in another * MFSA 2014-23/CVE-2014-1504 (bmo#911547) Content Security Policy for data: documents not preserved by session restore * MFSA 2014-26/CVE-2014-1508 (bmo#963198) Information disclosure through polygon rendering in MathML * MFSA 2014-27/CVE-2014-1509 (bmo#966021) Memory corruption in Cairo during PDF font rendering * MFSA 2014-28/CVE-2014-1505 (bmo#941887) SVG filters information disclosure through feDisplacementMap * MFSA 2014-29/CVE-2014-1510/CVE-2014-1511 (bmo#982906, bmo#982909) Privilege escalation using WebIDL-implemented APIs * MFSA 2014-30/CVE-2014-1512 (bmo#982957) Use-after-free in TypeObject * MFSA 2014-31/CVE-2014-1513 (bmo#982974) Out-of-bounds read/write through neutering ArrayBuffer objects * MFSA 2014-32/CVE-2014-1514 (bmo#983344) Out-of-bounds write through TypedArrayObject after neutering - requires NSPR 4.10.3 and NSS 3.15.5 - new build dependency (and recommends): * libpulse * JS math correctness issue (bmo#941381) Changes in mozilla-nspr: - update to version 4.10.4 * bmo#767759: Add support for new x32 abi * bmo#844784: Thread data race in PR_EnterMonitor * bmo#939786: data race nsprpub/pr/src/pthreads/ptthread.c:137 _pt_root * bmo#958796: Users of _beginthreadex that set a custom stack size may not be getting the behavior they want * bmo#963033: AArch64 support update for NSPR * bmo#969061: Incorrect end-of-list test when iterating over a PRCList in prcountr.c and prtrace.c * bmo#971152: IPv6 detection on linux depends on availability of /proc/net/if_inet6 - update to version 4.10.3 * bmo#749849: ensure we'll free the thread-specific data key. * bmo#941461: don't compile andr ... Description truncated, for more information please check the Reference URL

MozillaFirefox on openSUSE 13.1, openSUSE 12.3

• http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00022.html

---

Updated on 2015-03-25