[SUSE-SU-2016:3223-1] Security update for MozillaFirefox
Severity
Important
Affected Packages
6
CVEs
10
Security update for MozillaFirefox
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues:
- MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES
- MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution
- MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
- MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
- MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms
- MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments
- MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag
- MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
- MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
- MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events
Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/
for more information.
- Fix fontconfig issue (bsc#1000751) on 32bit systems as well.
Package | Affected Version |
---|---|
pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=2 | < 45.6.0esr-66.1 |
pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=2 | < 45.6.0esr-66.1 |
pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=2 | < 45.6.0esr-66.1 |
pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=2 | < 45.6.0esr-66.1 |
pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=2 | < 45.6.0esr-66.1 |
pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=2 | < 45.6.0esr-66.1 |
- ID
- SUSE-SU-2016:3223-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2016/suse-su-20163223-1/
- Published
-
2016-12-21T21:36:44
(7 years ago) - Modified
-
2016-12-21T21:36:44
(7 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALPINE:CVE-2016-9893
- ALPINE:CVE-2016-9895
- ALPINE:CVE-2016-9897
- ALPINE:CVE-2016-9898
- ALPINE:CVE-2016-9899
- ALPINE:CVE-2016-9900
- ALPINE:CVE-2016-9901
- ALPINE:CVE-2016-9902
- ALPINE:CVE-2016-9904
- ALPINE:CVE-2016-9905
- ASA-201612-15
- DSA-3734-1
- DSA-3757-1
- ELSA-2016-2946
- ELSA-2016-2973
- FREEBSD:512C0FFD-CD39-4DA4-B2DC-81FF4BA8E238
- GLSA-201701-15
- MFSA-2016-94
- MFSA-2016-95
- MFSA-2016-96
- openSUSE-SU-2016:3307-1
- openSUSE-SU-2016:3308-1
- RHSA-2016:2946
- RHSA-2016:2973
- SSA:2016-365-02
- SUSE-SU-2016:3210-1
- SUSE-SU-2016:3222-1
- USN-3155-1
- USN-3165-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=2 | suse | MozillaFirefox | < 45.6.0esr-66.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=2 | suse | MozillaFirefox | < 45.6.0esr-66.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=2 | suse | MozillaFirefox | < 45.6.0esr-66.1 | sles-11 | i586 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 45.6.0esr-66.1 | sles-11 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 45.6.0esr-66.1 | sles-11 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=2 | suse | MozillaFirefox-translations | < 45.6.0esr-66.1 | sles-11 | i586 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |