SUSE-SU-2014:1510-1 -- Security update for MozillaFirefox and mozilla-nss (moderate)


- update to Firefox 31.2.0 ESR (bnc#900941)
  * MFSA 2014-74/CVE-2014-1574/CVE-2014-1575 (bmo#1001994 bmo#1011354 bmo#1018916 bmo#1020034 bmo#1023035 bmo#1032208 bmo#1033020 bmo#1034230 bmo#1061214 bmo#1061600 bmo#1064346 bmo#1072044 bmo#1072174) Miscellaneous memory safety hazards (rv:33.0/rv:31.2)
  * MFSA 2014-75/CVE-2014-1576 (bmo#1041512) Buffer overflow during CSS manipulation
  * MFSA 2014-76/CVE-2014-1577 (bmo#1012609) Web Audio memory corruption issues with custom waveforms
  * MFSA 2014-77/CVE-2014-1578 (bmo#1063327) Out-of-bounds write with WebM video
  * MFSA 2014-79/CVE-2014-1581 (bmo#1068218) Use-after-free interacting with text directionality
  * MFSA 2014-81/CVE-2014-1585/CVE-2014-1586 (bmo#1062876 bmo#1062981) Inconsistent video sharing within iframe
  * MFSA 2014-82/CVE-2014-1583 (bmo#1015540) Accessing cross-origin objects via the Alarms API
- SSLv3 is disabled by default. See README.POODLE for more detailed information.
- disable call home features
- update to 3.17.2 (bnc#900941) Bugfix release
  * bmo#1049435 - Importing an RSA private key fails if p < q
  * bmo#1057161 - NSS hangs with 100% CPU on invalid EC key
  * bmo#1078669 - certutil crashes when using the --certVersion parameter
- changes from earlier version of the 3.17 branch:
  update to 3.17.1 (bnc#897890)
  * MFSA 2014-73/CVE-2014-1568 (bmo#1064636 bmo#1069405) RSA Signature Forgery in NSS
  * Change library's signature algorithm default to SHA256
  * Add support for draft-ietf-tls-downgrade-scsv
  * Add clang-cl support to the NSS build system
  * Implement TLS 1.3:
    * Part 1. Negotiate TLS 1.3
    * Part 2. Remove deprecated cipher suites and compression.
  * Add support for little-endian powerpc64
  update to 3.17
  * required for Firefox 33
  New functionality:
  * When using ECDHE the TLS server code may be configured to generate a fresh ephemeral ECDH key for each handshake by setting the SSL_REUSE_SERVER_ECDHE_KEY socket option to PR_FALSE. The SSL_REUSE_SERVER_ECDHE_KEY option defaults to PR_TRUE which means the server's ephemeral ECDH key is reused for multiple handshakes. This option does not affect the TLS client code which always generates a fresh ephemeral ECDH key for each handshake.
  New Macros
  * SSL_REUSE_SERVER_ECDHE_KEY
  Notable Changes:
  * The manual pages for the certutil and pp tools have been updated to document the new parameters that had been added in NSS 3.16.2.

  • SUSE Linux Enterprise Desktop 12
  • SUSE-SU-2014:1510-1
  • CVE-2014-1574
  • CVE-2014-1575
  • CVE-2014-1576
  • CVE-2014-1577
  • CVE-2014-1578
  • CVE-2014-1581
  • CVE-2014-1585
  • CVE-2014-1586
  • CVE-2014-1583
  • CVE-2014-1568
  • mozilla-nss
  • MozillaFirefox