MozillaFirefox was updated to version 31.5.0 ESR to fix five security
issues.
These security issues were fixed:
- CVE-2015-0836: Multiple unspecified vulnerabilities in the browser
engine in Mozilla Firefox before 31.5 allowed remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (bnc#917597).
- CVE-2015-0827: Heap-based buffer overflow in the mozilla::gfx::CopyRect
function in Mozilla Firefox before 31.5 allowed remote attackers to
obtain sensitive information from uninitialized process memory via a
malformed SVG graphic (bnc#917597).
- CVE-2015-0835: Multiple unspecified vulnerabilities in the browser
engine in Mozilla Firefox before 36.0 allowed remote attackers to cause
a denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors (bnc#917597).
- CVE-2015-0831: Use-after-free vulnerability in the
mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla
Firefox before 31.5 allowed remote attackers to execute arbitrary code
or cause a denial of service (heap memory corruption) via crafted
content that is improperly handled during IndexedDB index creation
(bnc#917597).
- CVE-2015-0822: The Form Autocompletion feature in Mozilla Firefox before
31.5 allowed remote attackers to read arbitrary files via crafted
JavaScript code (bnc#917597).