Bug 894370 (CVE-2014-1562)

Summary: VUL-0: MozillaFirefox 32/31.1 security release
Product: [openSUSE] openSUSE 13.1 Reporter: Wolfgang Rosenauer <wolfgang>
Component: SecurityAssignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Major    
Priority: P3 - Medium CC: meissner, pcerny, security-team
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: maint:released:sle11-sp3:58825 maint:released:sle11-sp2:58829 maint:released:sle10-sp3:58832 maint:released:sle10-sp3:58824 maint:released:sle10-sp4:58833 maint:released:sle11-sp1:58823 maint:released:sle11-sp1:58828 maint:running:59192:important maint:released:oes11-sp1:59224 CVSSv2:NVD:CVE-2014-1553:10.0:(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2014-1554:10.0:(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2014-1563:10.0:(AV:N/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2014-1564:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:NVD:CVE-2014-1565:5.0:(AV:N/AC:L/Au:N/C:P/I:N/A:N) CVSSv2:NVD:CVE-2014-1566:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2014-1553:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2014-1563:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2014-1564:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N) CVSSv2:RedHat:CVE-2014-1565:4.3:(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Deadline: 2014-10-06   

Description Wolfgang Rosenauer 2014-09-01 07:16:19 UTC 
https://wiki.mozilla.org/Releases

Firefox 32 and 31.1esr
Thunderbird 31.1

will be released 2014-09-02.

Minimal requirements:
NSPR 4.10.6
NSS 3.16.4

Current problem:
Firefox 32 does not build on 13.1 and Factory (i586-only)

Firefox 31.1 works everywhere

My idea would be update to 31.1 everywhere for the time being until the other issue is fixed.
Comment 1 Swamp Workflow Management 2014-09-01 22:12:56 UTC 
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2014-09-02 19:00:28 UTC 
This is an autogenerated message for OBS integration:
This bug (894370) was mentioned in
https://build.opensuse.org/request/show/247292 Factory / MozillaFirefox
https://build.opensuse.org/request/show/247293 13.1 / MozillaFirefox
https://build.opensuse.org/request/show/247294 12.3 / MozillaFirefox
https://build.opensuse.org/request/show/247295 Factory / MozillaThunderbird
https://build.opensuse.org/request/show/247296 13.1 / MozillaThunderbird
https://build.opensuse.org/request/show/247297 12.3 / MozillaThunderbird
https://build.opensuse.org/request/show/247299 Evergreen:11.4 / MozillaFirefox
https://build.opensuse.org/request/show/247300 Evergreen:11.4 / thunderbird24
Comment 3 Bernhard Wiedemann 2014-09-02 21:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (894370) was mentioned in
https://build.opensuse.org/request/show/247303 Evergreen:11.4 / MozillaFirefox
Comment 5 Marcus Meissner 2014-09-03 08:20:12 UTC 
MFSA 2014-72 / CVE-2014-1567: Security researcher regenrecht reported, via TippingPoint's Zero Day Initiative, a use-after-free during text layout when interacting with the setting of text direction. This results in a use-after-free which can lead to arbitrary code execution. 

ANDROID only:
MFSA 2014-71 / CVE-2014-1566: Security researcher Yu Dongsong reported on Firefox for Android that a file: protocol hyperlink could link to a local file in the Firefox profile directory, bypassing access restrictions. This issue was previously addressed in Mozilla Foundation Security Advisory 2014-33 but not completely.

This problem allows for profile data, such as cookies, to be copied to the SD card without prompting to the use. This SD card location is world readable leading to a potential information disclosure of files in the Firefox profile through a malicious application. 

MFSA 2014-70 / CVE-2014-1565: Security researcher Holger Fuhrmannek discovered an out-of-bounds read during the creation of an audio timeline in Web Audio. This results in a crash and could allow for the reading of random memory values. 

MFSA 2014-69 / CVE-2014-1564: Google security researcher Michal Zalewski discovered that when a malformated GIF image is rendered in certain circumstances, memory is not properly initialized before use. The resulting image then uses this memory during rendering. This could allow for the a script in web content to access this unitialized memory using the <canvas> feature. 

MFSA 2014-68 / CVE-2014-1563: Security researcher Abhishek Arya (Inferno) of the Google Chrome Security Team used the Address Sanitizer tool to discover a use-after-free during cycle collection. This was found in interactions with the SVG content through the document object model (DOM) with animating SVG content. This leads to a potentially exploitable crash. 

MFSA 2014-67: Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

Jan de Mooij reported a memory safety problem that affects Firefox ESR 24.7, ESR 31 and Firefox 31. (CVE-2014-1562)

Christian Holler, Jan de Mooij, Karl Tomlinson, Randell Jesup, Gary Kwong, Jesse Ruderman, and JW Wang reported memory safety problems and crashes that affect Firefox ESR 31 and Firefox 31. (CVE-2014-1553)

Gary Kwong, Christian Holler, and David Weir reported memory safety problems and crashes that affect Firefox 31. (CVE-2014-1554)
Comment 12 Bernhard Wiedemann 2014-09-08 11:01:00 UTC 
This is an autogenerated message for OBS integration:
This bug (894370) was mentioned in
https://build.opensuse.org/request/show/248005 Evergreen:11.4 / thunderbird24
Comment 14 Swamp Workflow Management 2014-09-09 10:07:24 UTC 
openSUSE-SU-2014:1098-1: An update that fixes 6 vulnerabilities is now available.

Category: security (important)
Bug References: 894370
CVE References: CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567
Sources used:
openSUSE 13.1 (src):    MozillaThunderbird-31.1.0-70.31.1
openSUSE 12.3 (src):    MozillaThunderbird-31.1.0-61.59.1
Comment 15 Swamp Workflow Management 2014-09-09 10:07:52 UTC 
openSUSE-SU-2014:1099-1: An update that fixes 6 vulnerabilities is now available.

Category: security (moderate)
Bug References: 894201,894370
CVE References: CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-31.1.0-42.1, mozilla-nss-3.16.4-35.1
openSUSE 12.3 (src):    MozillaFirefox-31.1.0-1.86.1, mozilla-nss-3.16.4-1.51.1
Comment 16 Bernhard Wiedemann 2014-09-09 14:00:20 UTC 
This is an autogenerated message for OBS integration:
This bug (894370) was mentioned in
https://build.opensuse.org/request/show/248162 Evergreen:11.4 / thunderbird24
Comment 17 Swamp Workflow Management 2014-09-09 16:23:45 UTC 
openSUSE-SU-2014:1100-1: An update that fixes 475 vulnerabilities is now available.

Category: security (important)
Bug References: 104586,354469,385739,390992,417869,41903,429179,439841,441084,455804,484321,503151,518603,527418,528406,529180,542809,559819,576969,582276,586567,593807,603356,622506,637303,642502,645315,649492,657016,664211,667155,689281,701296,712224,714931,720264,726758,728520,732898,733002,737533,744275,746616,747328,749440,750044,755060,758408,765204,771583,777588,783533,786522,790140,796895,804248,808243,813026,819204,825935,833389,840485,847708,854370,861847,868603,875378,876833,881874,887746,894201,894370
CVE References: CVE-2007-3089,CVE-2007-3285,CVE-2007-3656,CVE-2007-3670,CVE-2007-3734,CVE-2007-3735,CVE-2007-3736,CVE-2007-3737,CVE-2007-3738,CVE-2008-0016,CVE-2008-1233,CVE-2008-1234,CVE-2008-1235,CVE-2008-1236,CVE-2008-1237,CVE-2008-3835,CVE-2008-4058,CVE-2008-4059,CVE-2008-4060,CVE-2008-4061,CVE-2008-4062,CVE-2008-4063,CVE-2008-4064,CVE-2008-4065,CVE-2008-4066,CVE-2008-4067,CVE-2008-4068,CVE-2008-4070,CVE-2008-5012,CVE-2008-5014,CVE-2008-5016,CVE-2008-5017,CVE-2008-5018,CVE-2008-5021,CVE-2008-5022,CVE-2008-5024,CVE-2008-5500,CVE-2008-5501,CVE-2008-5502,CVE-2008-5503,CVE-2008-5506,CVE-2008-5507,CVE-2008-5508,CVE-2008-5510,CVE-2008-5511,CVE-2008-5512,CVE-2009-0040,CVE-2009-0771,CVE-2009-0772,CVE-2009-0773,CVE-2009-0774,CVE-2009-0776,CVE-2009-1571,CVE-2009-3555,CVE-2010-0159,CVE-2010-0173,CVE-2010-0174,CVE-2010-0175,CVE-2010-0176,CVE-2010-0182,CVE-2010-0654,CVE-2010-1121,CVE-2010-1196,CVE-2010-1199,CVE-2010-1200,CVE-2010-1201,CVE-2010-1202,CVE-2010-1203,CVE-2010-1205,CVE-2010-1211,CVE-2010-1212,CVE-2010-1213,CVE-2010-1585,CVE-2010-2752,CVE-2010-2753,CVE-2010-2754,CVE-2010-2760,CVE-2010-2762,CVE-2010-2764,CVE-2010-2765,CVE-2010-2766,CVE-2010-2767,CVE-2010-2768,CVE-2010-2769,CVE-2010-3166,CVE-2010-3167,CVE-2010-3168,CVE-2010-3169,CVE-2010-3170,CVE-2010-3173,CVE-2010-3174,CVE-2010-3175,CVE-2010-3176,CVE-2010-3178,CVE-2010-3179,CVE-2010-3180,CVE-2010-3182,CVE-2010-3183,CVE-2010-3765,CVE-2010-3768,CVE-2010-3769,CVE-2010-3776,CVE-2010-3777,CVE-2010-3778,CVE-2011-0053,CVE-2011-0061,CVE-2011-0062,CVE-2011-0069,CVE-2011-0070,CVE-2011-0072,CVE-2011-0074,CVE-2011-0075,CVE-2011-0077,CVE-2011-0078,CVE-2011-0080,CVE-2011-0081,CVE-2011-0083,CVE-2011-0084,CVE-2011-0085,CVE-2011-1187,CVE-2011-2362,CVE-2011-2363,CVE-2011-2364,CVE-2011-2365,CVE-2011-2371,CVE-2011-2372,CVE-2011-2373,CVE-2011-2374,CVE-2011-2376,CVE-2011-2377,CVE-2011-2985,CVE-2011-2986,CVE-2011-2987,CVE-2011-2988,CVE-2011-2989,CVE-2011-2991,CVE-2011-2992,CVE-2011-3000,CVE-2011-3001,CVE-2011-3005,CVE-2011-3026,CVE-2011-3062,CVE-2011-3101,CVE-2011-3232,CVE-2011-3648,CVE-2011-3650,CVE-2011-3651,CVE-2011-3652,CVE-2011-3654,CVE-2011-3655,CVE-2011-3658,CVE-2011-3659,CVE-2011-3660,CVE-2011-3661,CVE-2011-3663,CVE-2012-0441,CVE-2012-0442,CVE-2012-0443,CVE-2012-0444,CVE-2012-0445,CVE-2012-0446,CVE-2012-0447,CVE-2012-0449,CVE-2012-0451,CVE-2012-0452,CVE-2012-0455,CVE-2012-0456,CVE-2012-0457,CVE-2012-0458,CVE-2012-0459,CVE-2012-0460,CVE-2012-0461,CVE-2012-0462,CVE-2012-0463,CVE-2012-0464,CVE-2012-0467,CVE-2012-0468,CVE-2012-0469,CVE-2012-0470,CVE-2012-0471,CVE-2012-0472,CVE-2012-0473,CVE-2012-0474,CVE-2012-0475,CVE-2012-0477,CVE-2012-0478,CVE-2012-0479,CVE-2012-0759,CVE-2012-1937,CVE-2012-1938,CVE-2012-1940,CVE-2012-1941,CVE-2012-1944,CVE-2012-1945,CVE-2012-1946,CVE-2012-1947,CVE-2012-1948,CVE-2012-1949,CVE-2012-1951,CVE-2012-1952,CVE-2012-1953,CVE-2012-1954,CVE-2012-1955,CVE-2012-1956,CVE-2012-1957,CVE-2012-1958,CVE-2012-1959,CVE-2012-1960,CVE-2012-1961,CVE-2012-1962,CVE-2012-1963,CVE-2012-1967,CVE-2012-1970,CVE-2012-1972,CVE-2012-1973,CVE-2012-1974,CVE-2012-1975,CVE-2012-1976,CVE-2012-3956,CVE-2012-3957,CVE-2012-3958,CVE-2012-3959,CVE-2012-3960,CVE-2012-3961,CVE-2012-3962,CVE-2012-3963,CVE-2012-3964,CVE-2012-3966,CVE-2012-3967,CVE-2012-3968,CVE-2012-3969,CVE-2012-3970,CVE-2012-3971,CVE-2012-3972,CVE-2012-3975,CVE-2012-3978,CVE-2012-3980,CVE-2012-3982,CVE-2012-3983,CVE-2012-3984,CVE-2012-3985,CVE-2012-3986,CVE-2012-3988,CVE-2012-3989,CVE-2012-3990,CVE-2012-3991,CVE-2012-3992,CVE-2012-3993,CVE-2012-3994,CVE-2012-3995,CVE-2012-4179,CVE-2012-4180,CVE-2012-4181,CVE-2012-4182,CVE-2012-4183,CVE-2012-4184,CVE-2012-4185,CVE-2012-4186,CVE-2012-4187,CVE-2012-4188,CVE-2012-4191,CVE-2012-4192,CVE-2012-4193,CVE-2012-4194,CVE-2012-4195,CVE-2012-4196,CVE-2012-4201,CVE-2012-4202,CVE-2012-4204,CVE-2012-4205,CVE-2012-4207,CVE-2012-4208,CVE-2012-4209,CVE-2012-4212,CVE-2012-4213,CVE-2012-4214,CVE-2012-4215,CVE-2012-4216,CVE-2012-4217,CVE-2012-4218,CVE-2012-5829,CVE-2012-5830,CVE-2012-5833,CVE-2012-5835,CVE-2012-5836,CVE-2012-5837,CVE-2012-5838,CVE-2012-5839,CVE-2012-5840,CVE-2012-5841,CVE-2012-5842,CVE-2012-5843,CVE-2013-0743,CVE-2013-0744,CVE-2013-0745,CVE-2013-0746,CVE-2013-0747,CVE-2013-0748,CVE-2013-0749,CVE-2013-0750,CVE-2013-0752,CVE-2013-0753,CVE-2013-0754,CVE-2013-0755,CVE-2013-0756,CVE-2013-0757,CVE-2013-0758,CVE-2013-0760,CVE-2013-0761,CVE-2013-0762,CVE-2013-0763,CVE-2013-0764,CVE-2013-0766,CVE-2013-0767,CVE-2013-0768,CVE-2013-0769,CVE-2013-0770,CVE-2013-0771,CVE-2013-0773,CVE-2013-0774,CVE-2013-0775,CVE-2013-0776,CVE-2013-0780,CVE-2013-0782,CVE-2013-0783,CVE-2013-0787,CVE-2013-0788,CVE-2013-0789,CVE-2013-0793,CVE-2013-0795,CVE-2013-0796,CVE-2013-0800,CVE-2013-0801,CVE-2013-1669,CVE-2013-1670,CVE-2013-1674,CVE-2013-1675,CVE-2013-1676,CVE-2013-1677,CVE-2013-1678,CVE-2013-1679,CVE-2013-1680,CVE-2013-1681,CVE-2013-1682,CVE-2013-1684,CVE-2013-1685,CVE-2013-1686,CVE-2013-1687,CVE-2013-1690,CVE-2013-1692,CVE-2013-1693,CVE-2013-1694,CVE-2013-1697,CVE-2013-1701,CVE-2013-1709,CVE-2013-1710,CVE-2013-1713,CVE-2013-1714,CVE-2013-1717,CVE-2013-1718,CVE-2013-1719,CVE-2013-1720,CVE-2013-1722,CVE-2013-1723,CVE-2013-1724,CVE-2013-1725,CVE-2013-1728,CVE-2013-1730,CVE-2013-1732,CVE-2013-1735,CVE-2013-1736,CVE-2013-1737,CVE-2013-1738,CVE-2013-5590,CVE-2013-5591,CVE-2013-5592,CVE-2013-5593,CVE-2013-5595,CVE-2013-5596,CVE-2013-5597,CVE-2013-5599,CVE-2013-5600,CVE-2013-5601,CVE-2013-5602,CVE-2013-5603,CVE-2013-5604,CVE-2013-5609,CVE-2013-5610,CVE-2013-5611,CVE-2013-5612,CVE-2013-5613,CVE-2013-5614,CVE-2013-5615,CVE-2013-5616,CVE-2013-5618,CVE-2013-5619,CVE-2013-6629,CVE-2013-6630,CVE-2013-6671,CVE-2013-6672,CVE-2013-6673,CVE-2014-1477,CVE-2014-1478,CVE-2014-1479,CVE-2014-1480,CVE-2014-1481,CVE-2014-1482,CVE-2014-1483,CVE-2014-1484,CVE-2014-1485,CVE-2014-1486,CVE-2014-1487,CVE-2014-1488,CVE-2014-1489,CVE-2014-1490,CVE-2014-1491,CVE-2014-1492,CVE-2014-1493,CVE-2014-1494,CVE-2014-1497,CVE-2014-1498,CVE-2014-1499,CVE-2014-1500,CVE-2014-1502,CVE-2014-1504,CVE-2014-1505,CVE-2014-1508,CVE-2014-1509,CVE-2014-1510,CVE-2014-1511,CVE-2014-1512,CVE-2014-1513,CVE-2014-1514,CVE-2014-1518,CVE-2014-1519,CVE-2014-1522,CVE-2014-1523,CVE-2014-1524,CVE-2014-1525,CVE-2014-1526,CVE-2014-1528,CVE-2014-1529,CVE-2014-1530,CVE-2014-1531,CVE-2014-1532,CVE-2014-1533,CVE-2014-1534,CVE-2014-1536,CVE-2014-1537,CVE-2014-1538,CVE-2014-1539,CVE-2014-1540,CVE-2014-1541,CVE-2014-1542,CVE-2014-1543,CVE-2014-1544,CVE-2014-1545,CVE-2014-1547,CVE-2014-1548,CVE-2014-1549,CVE-2014-1550,CVE-2014-1552,CVE-2014-1553,CVE-2014-1555,CVE-2014-1556,CVE-2014-1557,CVE-2014-1558,CVE-2014-1559,CVE-2014-1560,CVE-2014-1561,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567
Sources used:
openSUSE 11.4 (src):    MozillaFirefox-24.8.0-127.1, mozilla-nss-3.16.4-94.1
Comment 18 Swamp Workflow Management 2014-09-10 03:04:31 UTC 
SUSE-SU-2014:1107-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 894370
CVE References: CVE-2014-1562,CVE-2014-1567
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-24.8.0esr-0.8.1, mozilla-nspr-4.10.7-0.3.1, mozilla-nss-3.16.4-0.8.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-24.8.0esr-0.8.1, mozilla-nspr-4.10.7-0.3.1, mozilla-nss-3.16.4-0.8.1
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-24.8.0esr-0.8.1, mozilla-nspr-4.10.7-0.3.1, mozilla-nss-3.16.4-0.8.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-24.8.0esr-0.8.1, mozilla-nspr-4.10.7-0.3.1, mozilla-nss-3.16.4-0.8.1
Comment 19 Swamp Workflow Management 2014-09-10 22:04:32 UTC 
SUSE-SU-2014:1112-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 894370
CVE References: 
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src):    MozillaFirefox-24.8.0esr-0.3.1, mozilla-nspr-4.10.7-0.3.1, mozilla-nss-3.16.4-0.3.1
Comment 20 Swamp Workflow Management 2014-09-12 00:06:46 UTC 
SUSE-SU-2014:1120-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 882881,894370
CVE References: CVE-2014-1562,CVE-2014-1567
Sources used:
SUSE Linux Enterprise Server 10 SP3 LTSS (src):    MozillaFirefox-24.8.0esr-0.5.1, firefox-gtk2-2.18.9-0.11.1, mozilla-nspr-4.10.7-0.5.1, mozilla-nss-3.16.4-0.5.2
Comment 21 Swamp Workflow Management 2014-09-12 04:07:37 UTC 
SUSE-SU-2014:1120-2: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 882881,894370
CVE References: CVE-2014-1562,CVE-2014-1567
Sources used:
SUSE Linux Enterprise Server 10 SP4 LTSS (src):    MozillaFirefox-24.8.0esr-0.5.1, firefox-gtk2-2.18.9-0.11.1, mozilla-nspr-4.10.7-0.5.1, mozilla-nss-3.16.4-0.5.2
Comment 22 Marcus Meissner 2014-09-12 14:29:50 UTC 
released
Comment 23 Swamp Workflow Management 2014-09-12 17:04:24 UTC 
SUSE-SU-2014:1112-2: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 894370
CVE References: 
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    MozillaFirefox-24.8.0esr-0.3.1, mozilla-nspr-4.10.7-0.3.1, mozilla-nss-3.16.4-0.3.1
Comment 24 Bernhard Wiedemann 2014-09-22 21:00:24 UTC 
This is an autogenerated message for OBS integration:
This bug (894370) was mentioned in
https://build.opensuse.org/request/show/251469 Factory / MozillaFirefox
Comment 25 Swamp Workflow Management 2014-09-29 03:44:35 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-10-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59192
Comment 26 Swamp Workflow Management 2014-09-29 03:47:19 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-10-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59193
Comment 27 Bernhard Wiedemann 2014-10-16 07:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (894370) was mentioned in
https://build.opensuse.org/request/show/256811 12.3 / seamonkey
https://build.opensuse.org/request/show/256812 13.1 / seamonkey
https://build.opensuse.org/request/show/256813 Factory / seamonkey
Comment 28 Swamp Workflow Management 2014-11-02 12:05:10 UTC 
openSUSE-SU-2014:1344-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 894370,896624,897890,900941,901213
CVE References: CVE-2014-1554,CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1580,CVE-2014-1581,CVE-2014-1582,CVE-2014-1583,CVE-2014-1584,CVE-2014-1585,CVE-2014-1586
Sources used:
openSUSE 12.3 (src):    MozillaFirefox-33.0-1.90.1, mozilla-nspr-4.10.7-1.34.1, mozilla-nss-3.17.1-1.59.1, seamonkey-2.30-1.61.1
Comment 29 Swamp Workflow Management 2014-11-02 12:06:12 UTC 
openSUSE-SU-2014:1345-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 894370,896624,897890,900941,901213
CVE References: CVE-2014-1554,CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1580,CVE-2014-1581,CVE-2014-1582,CVE-2014-1583,CVE-2014-1584,CVE-2014-1585,CVE-2014-1586
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-33.0-46.2, mozilla-nspr-4.10.7-16.1, mozilla-nss-3.17.1-43.1, seamonkey-2.30-36.2
Comment 30 Swamp Workflow Management 2014-12-17 15:05:24 UTC 
openSUSE-SU-2014:1655-1: An update that fixes 20 vulnerabilities is now available.

Category: security (moderate)
Bug References: 894370,900639,900941,908009
CVE References: CVE-2014-1574,CVE-2014-1575,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1580,CVE-2014-1581,CVE-2014-1582,CVE-2014-1583,CVE-2014-1584,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1588,CVE-2014-1589,CVE-2014-1590,CVE-2014-1591,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594
Sources used:
openSUSE 13.2 (src):    seamonkey-2.31-4.2
Comment 31 Swamp Workflow Management 2015-01-25 15:05:24 UTC 
openSUSE-SU-2015:0138-1: An update that fixes 74 vulnerabilities is now available.

Category: security (important)
Bug References: 876833,894370,900639,900941,908009,910669
CVE References: 2013-5611,2013-5612,2013-5614,2013-5619,2013-6672,2014-1480,2014-1483,2014-1484,2014-1485,2014-1488,2014-1489,2014-1492,2014-1498,2014-1499,2014-1500,2014-1502,2014-1504,2014-1519,2014-1522,2014-1525,2014-1526,2014-1528,2014-1539,2014-1540,2014-1542,2014-1543,2014-1549,2014-1550,2014-1552,2014-1553,2014-1558,2014-1559,2014-1560,2014-1561,2014-1563,2014-1564,2014-1565,2014-1574,2014-1576,2014-1577,2014-1578,2014-1581,2014-1583,2014-1585,2014-1586,2014-1587,2014-1590,2014-1592,2014-1593,2014-1594,2014-8634,2014-8635,2014-8638,2014-8639,2014-8641,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1569,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594
Sources used:
openSUSE Evergreen 11.4 (src):    MozillaFirefox-31.4.0-133.1, mozilla-nspr-4.10.7-49.1, mozilla-nss-3.17.3-104.1
Comment 32 Swamp Workflow Management 2015-07-18 17:07:38 UTC 
openSUSE-SU-2015:1266-1: An update that fixes 52 vulnerabilities is now available.

Category: security (important)
Bug References: 894370,900639,900941,908009,910669,917597,925368,930622,935979
CVE References: CVE-2011-3079,CVE-2014-1553,CVE-2014-1562,CVE-2014-1563,CVE-2014-1564,CVE-2014-1565,CVE-2014-1567,CVE-2014-1574,CVE-2014-1576,CVE-2014-1577,CVE-2014-1578,CVE-2014-1581,CVE-2014-1585,CVE-2014-1586,CVE-2014-1587,CVE-2014-1590,CVE-2014-1592,CVE-2014-1593,CVE-2014-1594,CVE-2014-8634,CVE-2014-8635,CVE-2014-8638,CVE-2014-8639,CVE-2015-0801,CVE-2015-0807,CVE-2015-0813,CVE-2015-0815,CVE-2015-0816,CVE-2015-0822,CVE-2015-0827,CVE-2015-0831,CVE-2015-0833,CVE-2015-0836,CVE-2015-2708,CVE-2015-2710,CVE-2015-2713,CVE-2015-2716,CVE-2015-2721,CVE-2015-2722,CVE-2015-2724,CVE-2015-2728,CVE-2015-2730,CVE-2015-2733,CVE-2015-2734,CVE-2015-2735,CVE-2015-2736,CVE-2015-2737,CVE-2015-2738,CVE-2015-2739,CVE-2015-2740,CVE-2015-2743,CVE-2015-4000
Sources used:
openSUSE Evergreen 11.4 (src):    MozillaFirefox-31.8.0-143.1, MozillaThunderbird-31.8.0-110.1, mozilla-nspr-4.10.8-52.1, mozilla-nss-3.19.2-107.1