Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:1380-1 Final 1 1 2015-08-12T15:39:11Z current 2015-08-12T15:39:11Z 2015-08-12T15:39:11Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This security update (bsc#940918) fixes the following issues: * MFSA 2015-78 (CVE-2015-4495, bmo#1178058): Same origin violation * Remove PlayPreview registration from PDF Viewer (bmo#1179262) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp3-MozillaFirefox-12028,sdksp4-MozillaFirefox-12028,sledsp3-MozillaFirefox-12028,sledsp4-MozillaFirefox-12028,slessp3-MozillaFirefox-12028,slessp4-MozillaFirefox-12028 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20151380-1/ Link for SUSE-SU-2015:1380-1 https://lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html E-Mail link for SUSE-SU-2015:1380-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/940918 SUSE Bug 940918 https://www.suse.com/security/cve/CVE-2015-4495/ SUSE CVE CVE-2015-4495 page SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 11 SP4 SUSE Linux Enterprise Server 11 SP3 SUSE Linux Enterprise Server 11 SP3-TERADATA SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP3 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 MozillaFirefox-devel-31.8.0esr-0.13.2 MozillaFirefox-31.8.0esr-0.13.2 MozillaFirefox-translations-31.8.0esr-0.13.2 MozillaFirefox-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox-translations-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Desktop 11 SP3 MozillaFirefox-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Desktop 11 SP4 MozillaFirefox-translations-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Desktop 11 SP4 MozillaFirefox-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server 11 SP3 MozillaFirefox-translations-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server 11 SP3 MozillaFirefox-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox-translations-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server 11 SP3-TERADATA MozillaFirefox-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server 11 SP4 MozillaFirefox-translations-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server 11 SP4 MozillaFirefox-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 MozillaFirefox-translations-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP3 MozillaFirefox-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox-translations-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 MozillaFirefox-devel-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP3 MozillaFirefox-devel-31.8.0esr-0.13.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015. CVE-2015-4495 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-31.8.0esr-0.13.2 SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-31.8.0esr-0.13.2 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-31.8.0esr-0.13.2 SUSE Linux Enterprise Desktop 11 SP4:MozillaFirefox-translations-31.8.0esr-0.13.2 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-31.8.0esr-0.13.2 SUSE Linux Enterprise Server 11 SP3-TERADATA:MozillaFirefox-translations-31.8.0esr-0.13.2 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-31.8.0esr-0.13.2 SUSE Linux Enterprise Server 11 SP3:MozillaFirefox-translations-31.8.0esr-0.13.2 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-31.8.0esr-0.13.2 SUSE Linux Enterprise Server 11 SP4:MozillaFirefox-translations-31.8.0esr-0.13.2 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-31.8.0esr-0.13.2 SUSE Linux Enterprise Server for SAP Applications 11 SP3:MozillaFirefox-translations-31.8.0esr-0.13.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-31.8.0esr-0.13.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:MozillaFirefox-translations-31.8.0esr-0.13.2 SUSE Linux Enterprise Software Development Kit 11 SP3:MozillaFirefox-devel-31.8.0esr-0.13.2 SUSE Linux Enterprise Software Development Kit 11 SP4:MozillaFirefox-devel-31.8.0esr-0.13.2 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20151380-1/ https://www.suse.com/security/cve/CVE-2015-4495.html CVE-2015-4495 https://bugzilla.suse.com/940806 SUSE Bug 940806 https://bugzilla.suse.com/940918 SUSE Bug 940918