[SUSE-SU-2016:2061-1] Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nspr and mozilla-nss
MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr and mozilla-nss were updated to fix nine security issues.
MozillaFirefox was updated to version 45.3.0 ESR. mozilla-nss was updated to version 3.21.1, mozilla-nspr to version 4.12.
These security issues were fixed in 45.3.0ESR:
- CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards (rv:48.0 / rv:45.3) (MFSA 2016-62)
- CVE-2016-2830: Favicon network connection can persist when page is closed (MFSA 2016-63)
- CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content (MFSA 2016-64)
- CVE-2016-2839: Cairo rendering crash due to memory allocation issue with FFmpeg 0.10 (MFSA 2016-65)
- CVE-2016-5252: Stack underflow during 2D graphics rendering (MFSA 2016-67)
- CVE-2016-5254: Use-after-free when using alt key and toplevel menus (MFSA 2016-70)
- CVE-2016-5258: Use-after-free in DTLS during WebRTC session shutdown (MFSA 2016-72)
- CVE-2016-5259: Use-after-free in service workers with nested sync events (MFSA 2016-73)
- CVE-2016-5262: Scripts on marquee tag can execute in sandboxed iframes (MFSA 2016-76)
- CVE-2016-2837: Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback (MFSA 2016-77)
- CVE-2016-5263: Type confusion in display transformation (MFSA 2016-78)
- CVE-2016-5264: Use-after-free when applying SVG effects (MFSA 2016-79)
- CVE-2016-5265: Same-origin policy violation using local HTML file and saved shortcut file (MFSA 2016-80)
- CVE-2016-6354: Fix for possible buffer overrun (bsc#990856)
Security issues fixed in 45.2.0.ESR:
- CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639).
- CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651).
- CVE-2016-2822: Addressbar spoofing through the SELECT element (MFSA 2016-52) (bsc#983652).
- CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653).
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655).
- CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646).
- CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643).
- CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638)
These non-security issues were fixed:
- Fix crashes on aarch64
  * Determine page size at runtime (bsc#984006)
  * Allow aarch64 to work in safe mode (bsc#985659)
- Fix crashes on mainframes
- Temporarily bind Firefox to the first CPU as a hotfix for an apparent race condition (bsc#989196, bsc#990628)
All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details.
- ID: SUSE-SU-2016:2061-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2016/suse-su-20162061-1/
- Published: 2016-08-12T16:10:10
- Modified: 2016-08-12T16:10:10
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS-2016-774
- ALPINE:CVE-2016-6354
- DSA-3600-1
- DSA-3640-1
- DSA-3647-1
- DSA-3653-1
- DSA-3653-2
- DSA-3686-1
- DSA-3688-1
- ELSA-2016-1217
- ELSA-2016-1392
- ELSA-2016-1551
- ELSA-2016-1809
- ELSA-2016-2779
- FEDORA-2016-8d79ade826
- FEDORA-2016-c9ad9582f7
- FREEBSD:32166082-53FA-41FA-B081-207E7A989A0A
- FREEBSD:8065D37B-8E7C-4707-A608-1B0A2B8509C3
- FREEBSD:AA1AEFE3-6E37-47DB-BFDA-343EF4ACB1B5
- GLSA-201701-15
- GLSA-201701-31
- GLSA-201802-03
- openSUSE-SU-2016:1769-1
- openSUSE-SU-2016:1778-1
- openSUSE-SU-2016:2253-1
- openSUSE-SU-2016:2254-1
- RHSA-2016:1217
- RHSA-2016:1392
- RHSA-2016:1551
- RHSA-2016:1809
- RHSA-2016:2779
- SUSE-SU-2016:1691-1
- SUSE-SU-2016:1799-1
- SUSE-SU-2016:2131-1
- SUSE-SU-2016:2195-1
- SUSE-SU-2016:2397-1
- SUSE-SU-2017:1175-1
- SUSE-SU-2017:1248-1
- SUSE-SU-2017:1442-1
- SUSE-SU-2019:2872-1
- USN-2993-1
- USN-3023-1
- USN-3029-1
- USN-3044-1
- USN-3073-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=2 | suse | MozillaFirefox | < 45.3.0esr-48.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=2 | suse | MozillaFirefox | < 45.3.0esr-48.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=2 | suse | MozillaFirefox | < 45.3.0esr-48.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 45.3.0esr-48.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 45.3.0esr-48.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 45.3.0esr-48.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=x86_64&distro=sles-11&sp=2 | suse | MozillaFirefox-branding-SLED | < 45.0-20.38 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=s390x&distro=sles-11&sp=2 | suse | MozillaFirefox-branding-SLED | < 45.0-20.38 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=i586&distro=sles-11&sp=2 | suse | MozillaFirefox-branding-SLED | < 45.0-20.38 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nss?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nss | < 3.21.1-26.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nss?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nss | < 3.21.1-26.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nss?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nss | < 3.21.1-26.2 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nss-tools?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nss-tools | < 3.21.1-26.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nss-tools?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nss-tools | < 3.21.1-26.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nss-tools?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nss-tools | < 3.21.1-26.2 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nss-devel?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nss-devel | < 3.21.1-26.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nss-devel?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nss-devel | < 3.21.1-26.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nss-devel?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nss-devel | < 3.21.1-26.2 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nss-32bit?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nss-32bit | < 3.21.1-26.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nss-32bit?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nss-32bit | < 3.21.1-26.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nspr?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nspr | < 4.12-25.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nspr?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nspr | < 4.12-25.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nspr?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nspr | < 4.12-25.2 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nspr-devel?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nspr-devel | < 4.12-25.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nspr-devel?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nspr-devel | < 4.12-25.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/mozilla-nspr-devel?arch=i586&distro=sles-11&sp=2 | suse | mozilla-nspr-devel | < 4.12-25.2 | sles-11 | i586 | |
Affected | pkg:rpm/suse/mozilla-nspr-32bit?arch=x86_64&distro=sles-11&sp=2 | suse | mozilla-nspr-32bit | < 4.12-25.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/mozilla-nspr-32bit?arch=s390x&distro=sles-11&sp=2 | suse | mozilla-nspr-32bit | < 4.12-25.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/libfreebl3?arch=x86_64&distro=sles-11&sp=2 | suse | libfreebl3 | < 3.21.1-26.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/libfreebl3?arch=s390x&distro=sles-11&sp=2 | suse | libfreebl3 | < 3.21.1-26.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/libfreebl3?arch=i586&distro=sles-11&sp=2 | suse | libfreebl3 | < 3.21.1-26.2 | sles-11 | i586 | |
Affected | pkg:rpm/suse/libfreebl3-32bit?arch=x86_64&distro=sles-11&sp=2 | suse | libfreebl3-32bit | < 3.21.1-26.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/libfreebl3-32bit?arch=s390x&distro=sles-11&sp=2 | suse | libfreebl3-32bit | < 3.21.1-26.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/firefox-fontconfig?arch=x86_64&distro=sles-11&sp=2 | suse | firefox-fontconfig | < 2.11.0-4.2 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/firefox-fontconfig?arch=s390x&distro=sles-11&sp=2 | suse | firefox-fontconfig | < 2.11.0-4.2 | sles-11 | s390x | |
Affected | pkg:rpm/suse/firefox-fontconfig?arch=i586&distro=sles-11&sp=2 | suse | firefox-fontconfig | < 2.11.0-4.2 | sles-11 | i586 | |