[SUSE-SU-2016:0909-1] Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
Security update for MozillaFirefox, mozilla-nspr, mozilla-nss
This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues:
Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894), fixing
following security issues:
* MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
* MFSA 2016-17/CVE-2016-1954
Local file overwriting and potential privilege escalation
through CSP reports
* MFSA 2016-20/CVE-2016-1957
Memory leak in libstagefright when deleting an array during
MP4 processing
* MFSA 2016-21/CVE-2016-1958
Displayed page address can be overridden
* MFSA 2016-23/CVE-2016-1960
Use-after-free in HTML5 string parser
* MFSA 2016-24/CVE-2016-1961
Use-after-free in SetBody
* MFSA 2016-25/CVE-2016-1962
Use-after-free when using multiple WebRTC data channels
* MFSA 2016-27/CVE-2016-1964
Use-after-free during XML transformations
* MFSA 2016-28/CVE-2016-1965
Addressbar spoofing though history navigation and Location
protocol property
* MFSA 2016-31/CVE-2016-1966
Memory corruption with malicious NPAPI plugin
* MFSA 2016-34/CVE-2016-1974
Out-of-bounds read in HTML parser following a failed
allocation
* MFSA 2016-35/CVE-2016-1950
Buffer overflow during ASN.1 decoding in NSS
* MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
Font vulnerabilities in the Graphite 2 library
Mozilla NSPR was updated to version 4.12 (bsc#969894), fixing following bugs:
* added a PR_GetEnvSecure function, which attempts to detect if
the program is being executed with elevated privileges, and
returns NULL if detected. It is recommended to use this function
in general purpose library code.
* fixed a memory allocation bug related to the PR_*printf functions
* exported API PR_DuplicateEnvironment, which had already been
added in NSPR 4.10.9
* added support for FreeBSD aarch64
* several minor correctness and compatibility fixes
Mozilla NSS was updated to fix security issues (bsc#969894):
* MFSA 2016-15/CVE-2016-1978
Use-after-free in NSS during SSL connections in low memory
* MFSA 2016-35/CVE-2016-1950
Buffer overflow during ASN.1 decoding in NSS
* MFSA 2016-36/CVE-2016-1979
Use-after-free during processing of DER encoded keys in NSS
- ID
- SUSE-SU-2016:0909-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2016/suse-su-20160909-1/
- Published
-
2016-03-30T10:06:02
(8 years ago) - Modified
-
2016-03-30T10:06:02
(8 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS-2016-667
- ALAS-2016-702
- DSA-3510-1
- DSA-3515-1
- DSA-3520-1
- DSA-3576-1
- DSA-3688-1
- ELSA-2016-0370
- ELSA-2016-0371
- ELSA-2016-0373
- ELSA-2016-0460
- ELSA-2016-0591
- ELSA-2016-0684
- ELSA-2016-0685
- FREEBSD:2225C5B4-1E5A-44FC-9920-B3201C384A15
- FREEBSD:75091516-6F4B-4059-9884-6727023DC366
- FREEBSD:ADFFE823-E692-4921-AE9C-0B825C218372
- FREEBSD:C4292768-5273-4F17-A267-C5FE35125CE4
- GLSA-201605-06
- GLSA-201701-63
- openSUSE-SU-2016:1769-1
- openSUSE-SU-2016:1778-1
- RHSA-2016:0370
- RHSA-2016:0373
- RHSA-2016:0460
- RHSA-2016:0591
- RHSA-2016:0685
- SUSE-SU-2016:0727-1
- SUSE-SU-2016:0777-1
- SUSE-SU-2017:1175-1
- SUSE-SU-2017:1248-1
- USN-2917-1
- USN-2924-1
- USN-2927-1
- USN-2934-1
- USN-2973-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=2 | suse | MozillaFirefox | < 38.7.0esr-36.3 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=2 | suse | MozillaFirefox | < 38.7.0esr-36.3 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=2 | suse | MozillaFirefox | < 38.7.0esr-36.3 | sles-11 | i586 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 38.7.0esr-36.3 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 38.7.0esr-36.3 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 38.7.0esr-36.3 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nss?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nss | < 3.20.2-20.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nss?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nss | < 3.20.2-20.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nss?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nss | < 3.20.2-20.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nss-tools?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nss-tools | < 3.20.2-20.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nss-tools?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nss-tools | < 3.20.2-20.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nss-tools?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nss-tools | < 3.20.2-20.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nss-devel?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nss-devel | < 3.20.2-20.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nss-devel?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nss-devel | < 3.20.2-20.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nss-devel?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nss-devel | < 3.20.2-20.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nss-32bit?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nss-32bit | < 3.20.2-20.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nss-32bit?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nss-32bit | < 3.20.2-20.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nspr?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nspr | < 4.12-19.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nspr?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nspr | < 4.12-19.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nspr?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nspr | < 4.12-19.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nspr-devel?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nspr-devel | < 4.12-19.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nspr-devel?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nspr-devel | < 4.12-19.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nspr-devel?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nspr-devel | < 4.12-19.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nspr-32bit?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nspr-32bit | < 4.12-19.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nspr-32bit?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nspr-32bit | < 4.12-19.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/libfreebl3?arch=x86_64&distro=sles-11&sp=2 | suse | libfreebl3 | < 3.20.2-20.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/libfreebl3?arch=s390x&distro=sles-11&sp=2 | suse | libfreebl3 | < 3.20.2-20.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/libfreebl3?arch=i586&distro=sles-11&sp=2 | suse | libfreebl3 | < 3.20.2-20.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/libfreebl3-32bit?arch=x86_64&distro=sles-11&sp=2 | suse | libfreebl3-32bit | < 3.20.2-20.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/libfreebl3-32bit?arch=s390x&distro=sles-11&sp=2 | suse | libfreebl3-32bit | < 3.20.2-20.1 | sles-11 | s390x |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |