[RHSA-2016:2946] firefox security update

Severity Critical

Affected Packages 6

CVEs 10

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 45.6.0 ESR.

Security Fix(es):

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2016-9893, CVE-2016-9899, CVE-2016-9895, CVE-2016-9897, CVE-2016-9898, CVE-2016-9900, CVE-2016-9901, CVE-2016-9902, CVE-2016-9904, CVE-2016-9905)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Philipp, Wladimir Palant, Nils, Jann Horn, Aral, Andrew Krasichkov, insertscript, Jan de Mooij, Iris Hsiao, Christian Holler, Carsten Book, Timothy Nikkel, Christoph Diehl, Olli Pettay, Raymond Forbes, and Boris Zbarsky as the original reporters.

Package	Affected Version
pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-6.8	< 45.6.0-1.el6_8
pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-6.8	< 45.6.0-1.el6_8
pkg:rpm/redhat/firefox?arch=s390&distro=redhat-6.8	< 45.6.0-1.el6_8
pkg:rpm/redhat/firefox?arch=ppc64&distro=redhat-6.8	< 45.6.0-1.el6_8
pkg:rpm/redhat/firefox?arch=ppc&distro=redhat-6.8	< 45.6.0-1.el6_8
pkg:rpm/redhat/firefox?arch=i686&distro=redhat-6.8	< 45.6.0-1.el6_8

ID

RHSA-2016:2946

Severity

critical

URL

https://access.redhat.com/errata/RHSA-2016:2946

Published

2016-12-14T00:00:00
(7 years ago)

Modified

2016-12-14T00:00:00
(7 years ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	1404083	https://bugzilla.redhat.com/1404083
Bugzilla	1404086	https://bugzilla.redhat.com/1404086
Bugzilla	1404087	https://bugzilla.redhat.com/1404087
Bugzilla	1404089	https://bugzilla.redhat.com/1404089
Bugzilla	1404090	https://bugzilla.redhat.com/1404090
Bugzilla	1404091	https://bugzilla.redhat.com/1404091
Bugzilla	1404094	https://bugzilla.redhat.com/1404094
Bugzilla	1404096	https://bugzilla.redhat.com/1404096
Bugzilla	1404358	https://bugzilla.redhat.com/1404358
Bugzilla	1404359	https://bugzilla.redhat.com/1404359
RHSA	RHSA-2016:2946	https://access.redhat.com/errata/RHSA-2016:2946
CVE	CVE-2016-9893	https://access.redhat.com/security/cve/CVE-2016-9893
CVE	CVE-2016-9895	https://access.redhat.com/security/cve/CVE-2016-9895
CVE	CVE-2016-9897	https://access.redhat.com/security/cve/CVE-2016-9897
CVE	CVE-2016-9898	https://access.redhat.com/security/cve/CVE-2016-9898
CVE	CVE-2016-9899	https://access.redhat.com/security/cve/CVE-2016-9899
CVE	CVE-2016-9900	https://access.redhat.com/security/cve/CVE-2016-9900
CVE	CVE-2016-9901	https://access.redhat.com/security/cve/CVE-2016-9901
CVE	CVE-2016-9902	https://access.redhat.com/security/cve/CVE-2016-9902
CVE	CVE-2016-9904	https://access.redhat.com/security/cve/CVE-2016-9904
CVE	CVE-2016-9905	https://access.redhat.com/security/cve/CVE-2016-9905

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-6.8	redhat	firefox	< 45.6.0-1.el6_8	redhat-6.8	x86_64
Affected	pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-6.8	redhat	firefox	< 45.6.0-1.el6_8	redhat-6.8	s390x
Affected	pkg:rpm/redhat/firefox?arch=s390&distro=redhat-6.8	redhat	firefox	< 45.6.0-1.el6_8	redhat-6.8	s390
Affected	pkg:rpm/redhat/firefox?arch=ppc64&distro=redhat-6.8	redhat	firefox	< 45.6.0-1.el6_8	redhat-6.8	ppc64
Affected	pkg:rpm/redhat/firefox?arch=ppc&distro=redhat-6.8	redhat	firefox	< 45.6.0-1.el6_8	redhat-6.8	ppc
Affected	pkg:rpm/redhat/firefox?arch=i686&distro=redhat-6.8	redhat	firefox	< 45.6.0-1.el6_8	redhat-6.8	i686

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date