Bug 913064 (CVE-2014-8634) - VUL-0: CVE-2014-8634: MozillaFirefox: Miscellaneous memory safety hazards (rv:31.4) (MFSA 2015-01)
Status: RESOLVED FIXED
Alias: CVE-2014-8634
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
Priority: P3 - Medium
Severity: Major
Target Milestone: ---
Deadline: 2015-01-22
Assignee: Petr Cerny
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/112325/
Whiteboard: maint:released:sle11-sp1:60232 maint...
Depends on: 910669
Reported: 2015-01-14 10:30 UTC by Victor Pereira
Modified: 2015-02-02 14:18 UTC
Found By: Security Response Team


Description Victor Pereira 2015-01-14 10:30:53 UTC
CVE-2014-8634

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code.

In general these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled, but are potentially a risk in browser or browser-like contexts.

Christian Holler and Patrick McManus reported memory safety problems and crashes that affect Firefox ESR 31.3 and Firefox 34.

References:
http://www.mozilla.org/security/announce/2015/mfsa2015-01.html
https://bugzilla.redhat.com/show_bug.cgi?id=1180962
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8634
https://rhn.redhat.com/errata/RHSA-2015-0047.html
https://rhn.redhat.com/errata/RHSA-2015-0046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8634
Comment 1 Swamp Workflow Management 2015-01-14 23:01:44 UTC
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2015-01-15 10:16:08 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-01-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60231
Comment 3 Swamp Workflow Management 2015-01-31 00:09:50 UTC
SUSE-SU-2015:0180-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 910647,910669,913064,913066,913067,913068,913102,913103,913104
CVE References: CVE-2014-1569,CVE-2014-8634,CVE-2014-8636,CVE-2014-8637,CVE-2014-8638,CVE-2014-8639,CVE-2014-8640,CVE-2014-8641
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
Comment 4 Marcus Meissner 2015-02-02 14:18:49 UTC
released