Bug 913067 (CVE-2014-8641) - VUL-0: CVE-2014-8641: MozillaFirefox: Read-after-free in WebRTC (MFSA 2015-06)
Summary: VUL-0: CVE-2014-8641: MozillaFirefox: Read-after-free in WebRTC (MFSA 2015-06)
Status: RESOLVED FIXED
Alias: CVE-2014-8641
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Deadline: 2015-01-22
Assignee: Petr Cerny
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/112328/
Whiteboard: maint:released:sle10-sp3:60233 maint...
Keywords:
Depends on: 910669
Blocks:
  Show dependency treegraph
 
Reported: 2015-01-14 10:33 UTC by Victor Pereira
Modified: 2015-02-02 14:19 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2015-01-14 10:33:33 UTC 
CVE-2014-8641

Security researcher Mitchell Harper discovered a read-after-free in WebRTC due to the way tracks are handled. This results in a either a potentially exploitable crash or incorrect WebRTC behavior. 



References:
http://www.mozilla.org/security/announce/2015/mfsa2015-06.html
https://bugzilla.redhat.com/show_bug.cgi?id=1180973
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8641
https://rhn.redhat.com/errata/RHSA-2015-0046.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8641
Comment 1 Swamp Workflow Management 2015-01-14 23:02:03 UTC 
bugbot adjusting priority
Comment 2 Swamp Workflow Management 2015-01-15 10:15:49 UTC 
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2015-01-22.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/60231
Comment 3 Swamp Workflow Management 2015-01-31 00:10:10 UTC 
SUSE-SU-2015:0180-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 910647,910669,913064,913066,913067,913068,913102,913103,913104
CVE References: CVE-2014-1569,CVE-2014-8634,CVE-2014-8636,CVE-2014-8637,CVE-2014-8638,CVE-2014-8639,CVE-2014-8640,CVE-2014-8641
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 for VMware (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Server 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
SUSE Linux Enterprise Desktop 11 SP3 (src):    MozillaFirefox-31.4.0esr-0.8.7, mozilla-nss-3.17.3-0.8.11
Comment 4 Marcus Meissner 2015-02-02 14:19:01 UTC 
reelased