Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1817-1 Final 1 1 2015-10-16T16:30:25Z current 2015-10-16T16:30:25Z 2015-10-16T16:30:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox MozillaFirefox was updated to version 41.0.2 to fix one security issue. This security issue was fixed: - CVE-2015-7184: Cross-origin restriction bypass using Fetch (bsc#950686). These non-security issues were fixed: * Fix a startup crash related to Yandex toolbar and Adblock Plus (bmo#1209124) * Fix potential hangs with Flash plugins (bmo#1185639) * Fix a regression in the bookmark creation (bmo#1206376) * Fix a startup crash with some Intel Media Accelerator 3150 graphic cards (bmo#1207665) * Fix a graphic crash, occurring occasionally on Facebook (bmo#1178601) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00021.html E-Mail link for openSUSE-SU-2015:1817-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings MozillaFirefox-41.0.2-91.1 MozillaFirefox-branding-upstream-41.0.2-91.1 MozillaFirefox-buildsymbols-41.0.2-91.1 MozillaFirefox-devel-41.0.2-91.1 MozillaFirefox-translations-common-41.0.2-91.1 MozillaFirefox-translations-other-41.0.2-91.1 The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. CVE-2015-7184 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2015-10/msg00021.html https://www.suse.com/security/cve/CVE-2015-7184.html CVE-2015-7184 https://bugzilla.suse.com/950686 SUSE Bug 950686