Errata ID | 168 |
---|---|
Date | 2015-05-07 |
Source package | iceweasel |
Fixed in version | 31.6.0esr-1.55.201504151819 |
Description | Several vulnerabilities have been fixed with the update to Iceweasel ESR 31.6: * 4-byte buffer overflow in libx11 macro SetReqLen * Same-origin bypass through anchor navigation (CVE-2015-0801) * Potential XSRF affecting sendBeacon() requests (CORS requests should not follow 30x redirections after preflight) (CVE-2015-0807) * Use-after-free when using the Fluendo MP3 GStreamer plugin (CVE-2015-0813) * Memory safety bugs (CVE-2015-0815) * resource:// documents can load privileged pages (CVE-2015-0816) * Reading and writing of memory allowing for arbitrary code execution on the local system (Pwn2Own asm.js exploit) (CVE-2015-0817) * Run arbitrary scripts in a privileged context (Same-origin bypass via SVG hash navigation) (CVE-2015-0818) * Reading of local files through manipulation of form autocomplete (CVE-2015-0822) * Out-of-bounds read and write while rendering SVG content (CVE-2015-0827) * Use-after-free in IndexedDB (CVE-2015-0831) * Memory safety problems and crashes (CVE-2015-0835) * Miscellaneous memory safety hazards (CVE-2015-0836) |
Additional notes | This update fixes these vulnerabilities. |
CVE ID | CVE-2013-7439 CVE-2015-0801 CVE-2015-0807 CVE-2015-0813 CVE-2015-0815 CVE-2015-0816 CVE-2015-0817 CVE-2015-0818 CVE-2015-0822 CVE-2015-0827 CVE-2015-0831 CVE-2015-0835 CVE-2015-0836 |
UCS Bug number | #38271 |