Errata ID | 1 |
---|---|
Date | 2013-11-22 |
Source package | firefox-de |
Fixed in version | 24.1.1esr-6.35.201311201827 |
Description | Firefox has been updated to the new Firefox Extended Support Release based on Firefox 24. The previously used ESR 17 series is no longer maintained. This update consists of two updates for firefox-en and firefox-de. Several vulnerabilities have been fixed with the update to Firefox ESR 24.1.1: * Memory corruption in workers (CVE-2013-5602) * Miscellaneous use-after-free issues found through ASAN fuzzing (CVE-2013-5599, CVE-2013-5600, CVE-2013-5601) * Use-after-free when updating offline cache (CVE-2013-5597) * Improperly initialized memory and overflows in some JavaScript functions (CVE-2013-5595) * Access violation with XSLT and uninitialized data (CVE-2013-5604) * Miscellaneous memory safety hazards (CVE-2013-5590, CVE-2013-5591, CVE-2013-5592, CVE-2013-1739) * Miscellaneous Network Security Services (NSS) vulnerabilities (CVE-2013-5605, CVE-2013-5606, CVE-2013-1741, CVE-2013-5607, CVE-2013-2566) * Use-after-free in HTML document templates (CVE-2013-5603) * Security bypass of PDF.js checks using iframes (CVE-2013-5598) * Writing to cycle collected object during image decoding (CVE-2013-5596) * Spoofing addressbar through SELECT element (CVE-2013-5593) |
Additional notes | This update fixes these vulnerabilities. |
CVE ID | CVE-2013-1739 CVE-2013-1741 CVE-2013-2566 CVE-2013-5590 CVE-2013-5591 CVE-2013-5592 CVE-2013-5593 CVE-2013-5595 CVE-2013-5596 CVE-2013-5597 CVE-2013-5598 CVE-2013-5599 CVE-2013-5600 CVE-2013-5601 CVE-2013-5602 CVE-2013-5603 CVE-2013-5604 CVE-2013-5605 CVE-2013-5606 CVE-2013-5607 |