Bugzilla – Bug 923534
VUL-0: CVE-2015-0817 CVE-2015-0818: MozillaFirefox: out of band 36.0.4 / 31.5.3 releases
Last modified: 2020-04-05 18:18:57 UTC
After pwn2own, Mozilla Firefox released an intermediate emergency update to fix two code execution problems.

MFSA 2015-29:
Firefox 36.0.3
Firefox ESR 31.5.2
SeaMonkey 2.33.1

Security researcher ilxu1a reported, through HP Zero Day Initiative's Pwn2Own contest, a flaw in Mozilla's implementation of typed array bounds checking in JavaScript just-in-time compilation (JIT) and its management of bounds checking for heap access. This flaw can be leveraged into the reading and writing of memory allowing for arbitrary code execution on the local system.

References
Pwn2Own asm.js exploit (CVE-2015-0817)
https://bugzilla.mozilla.org/show_bug.cgi?id=1145255

MFSA 2015-28:
Security researcher Mariusz Mlynski reported, through HP Zero Day Initiative's Pwn2Own contest, a method to run arbitrary scripts in a privileged context. This bypassed the same-origin policy protections by using a flaw in the processing of SVG format content navigation. An incomplete version of this fix was shipped in Firefox 36.0.3 and Firefox ESR 31.5.2.

Same-origin bypass via SVG hash navigation (CVE-2015-0818)
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-03-31. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61260
*** Bug 923495 has been marked as a duplicate of this bug. ***
This is an autogenerated message for OBS integration:
This bug (923534) was mentioned in
https://build.opensuse.org/request/show/292311 13.1 / MozillaFirefox
https://build.opensuse.org/request/show/292312 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/292313 Factory / MozillaFirefox
https://build.opensuse.org/request/show/292315 Factory / seamonkey
https://build.opensuse.org/request/show/292316 13.1 / seamonkey
https://build.opensuse.org/request/show/292317 13.2 / seamonkey
https://build.opensuse.org/request/show/292318 Evergreen:11.4 / firefox31
This is an autogenerated message for OBS integration: This bug (923534) was mentioned in https://build.opensuse.org/request/show/292323 Evergreen:11.4 / MozillaFirefox
openSUSE-SU-2015:0567-1: An update that fixes 7 vulnerabilities is now available.
Category: security (important)
Bug References: 917597,923534
CVE References: CVE-2015-0817,CVE-2015-0818,CVE-2015-0822,CVE-2015-0827,CVE-2015-0831,CVE-2015-0833,CVE-2015-0836
Sources used:
openSUSE Evergreen 11.4 (src): MozillaFirefox-31.5.3-137.1
SUSE-SU-2015:0593-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 923534
CVE References: CVE-2015-0817,CVE-2015-0818
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): MozillaFirefox-31.5.3esr-0.8.1
SUSE Linux Enterprise Server 11 SP3 for VMware (src): MozillaFirefox-31.5.3esr-0.8.1
SUSE Linux Enterprise Server 11 SP3 (src): MozillaFirefox-31.5.3esr-0.8.1
SUSE Linux Enterprise Desktop 11 SP3 (src): MozillaFirefox-31.5.3esr-0.8.1
openSUSE-SU-2015:0607-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 923534
CVE References: CVE-2015-0817,CVE-2015-0818
Sources used:
openSUSE 13.2 (src): MozillaFirefox-36.0.4-18.1
openSUSE 13.1 (src): MozillaFirefox-36.0.4-63.1
released all but sle12, which is also in QA already
SUSE-SU-2015:0593-2: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 923534
CVE References: CVE-2015-0817,CVE-2015-0818
Sources used:
SUSE Linux Enterprise Server 11 SP2 LTSS (src): MozillaFirefox-31.5.3esr-0.3.1
SUSE Linux Enterprise Server 11 SP1 LTSS (src): MozillaFirefox-31.5.3esr-0.3.1
SUSE Linux Enterprise Server 10 SP4 LTSS (src): MozillaFirefox-31.5.3esr-0.5.2
openSUSE-SU-2015:0636-1: An update that fixes two vulnerabilities is now available.
Category: security (important)
Bug References: 923534
CVE References: CVE-2015-0817,CVE-2015-0818
Sources used:
openSUSE 13.2 (src): seamonkey-2.33.1-17.1
openSUSE 13.1 (src): seamonkey-2.33.1-53.1