An update that fixes 43 vulnerabilities is now available. It includes three new package versions.
Description:
MozillaFirefox ESR was updated to version 38.4.0ESR to fix multiple security issues.
* MFSA 2015-116/CVE-2015-4513 Miscellaneous memory safety hazards (rv:42.0 / rv:38.4) * MFSA 2015-122/CVE-2015-7188 Trailing whitespace in IP address hostnames can bypass same-origin policy * MFSA 2015-123/CVE-2015-7189 Buffer overflow during image interactions in canvas * MFSA 2015-127/CVE-2015-7193 CORS preflight is bypassed when non-standard Content-Type headers are received * MFSA 2015-128/CVE-2015-7194 Memory corruption in libjar through zip files * MFSA 2015-130/CVE-2015-7196 JavaScript garbage collection crash with Java applet * MFSA 2015-131/CVE-2015-7198/CVE-2015-7199/CVE-2015-7200 Vulnerabilities found through code inspection * MFSA 2015-132/CVE-2015-7197 Mixed content WebSocket policy bypass through workers * MFSA 2015-133/CVE-2015-7181/CVE-2015-7182/CVE-2015-7183 NSS and NSPR memory corruption issues
It also includes fixes from 38.3.0ESR:
* MFSA 2015-96/CVE-2015-4500/CVE-2015-4501 Miscellaneous memory safety hazards (rv:41.0 / rv:38.3) * MFSA 2015-101/CVE-2015-4506 Buffer overflow in libvpx while parsing vp9 format video * MFSA 2015-105/CVE-2015-4511 Buffer overflow while decoding WebM video * MFSA 2015-106/CVE-2015-4509 Use-after-free while manipulating HTML media content * MFSA 2015-110/CVE-2015-4519 Dragging and dropping images exposes final URL after redirects * MFSA 2015-111/CVE-2015-4520 Errors in the handling of CORS preflight request headers * MFSA 2015-112/CVE-2015-4517/CVE-2015-4521/CVE-2015-4522 CVE-2015-7174/CVE-2015-7175/CVE-2015-7176/CVE-2015-7177 CVE-2015-7180 Vulnerabilities found through code inspection
It also includes fixes from the Firefox 38.2.1ESR release:
* MFSA 2015-94/CVE-2015-4497 (bsc#943557) Use-after-free when resizing canvas element during restyling * MFSA 2015-95/CVE-2015-4498 (bsc#943558) Add-on notification bypass through data URLs
It also includes fixes from the Firefox 38.2.0ESR release:
* MFSA 2015-79/CVE-2015-4473/CVE-2015-4474 Miscellaneous memory safety hazards (rv:40.0 / rv:38.2) * MFSA 2015-80/CVE-2015-4475 Out-of-bounds read with malformed MP3 file * MFSA 2015-82/CVE-2015-4478 Redefinition of non-configurable JavaScript object properties * MFSA 2015-83/CVE-2015-4479 Overflow issues in libstagefright * MFSA 2015-87/CVE-2015-4484 Crash when using shared memory in JavaScript * MFSA 2015-88/CVE-2015-4491 Heap overflow in gdk-pixbuf when scaling bitmap images * MFSA 2015-89/CVE-2015-4485/CVE-2015-4486 Buffer overflows on Libvpx when decoding WebM video * MFSA 2015-90/CVE-2015-4487/CVE-2015-4488/CVE-2015-4489 Vulnerabilities found through code inspection * MFSA 2015-92/CVE-2015-4492 Use-after-free in XMLHttpRequest with shared workers