Errata overview
Errata ID 166
Date 2015-05-07
Source package firefox-de
Fixed in version 31.6.0esr-3.58.201504131849
Description
Several vulnerabilities have been fixed with the update to Firefox ESR 31.6:
* Reading and writing of memory allowing for arbitrary code execution on
  the local system (Pwn2Own asm.js exploit) (CVE-2015-0817)
* Run arbitrary scripts in a privileged context (Same-origin bypass via SVG
  hash navigation) (CVE-2015-0818)
* Same-origin bypass through anchor navigation (CVE-2015-0801)
* Potential XSRF affecting sendBeacon() requests (CORS requests should not
  follow 30x redirections after preflight) (CVE-2015-0807)
* Use-after-free when using the Fluendo MP3 GStreamer plugin (CVE-2015-0813)
* Memory safety bugs (CVE-2015-0815)
* resource:// documents can load privileged pages (CVE-2015-0816)
Additional notes This update consists of two updates for firefox-en and firefox-de.
CVE ID CVE-2015-0801
CVE-2015-0807
CVE-2015-0813
CVE-2015-0815
CVE-2015-0816
CVE-2015-0817
CVE-2015-0818
UCS Bug number #38179