[SUSE-SU-2016:3223-1] Security update for MozillaFirefox
Severity
Important
Affected Packages
6
CVEs
10
Security update for MozillaFirefox
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues:
- MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES
- MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution
- MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
- MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
- MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms
- MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments
- MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag
- MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
- MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
- MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events
Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/
for more information.
- Fix fontconfig issue (bsc#1000751) on 32bit systems as well.
| Package | Affected Version |
|---|---|
 pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=2
|
< 45.6.0esr-66.1 |
|
pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=2
|
< 45.6.0esr-66.1 |
|
pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=2
|
< 45.6.0esr-66.1 |
|
pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=2
|
< 45.6.0esr-66.1 |
|
pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=2
|
< 45.6.0esr-66.1 |
|
pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=2
|
< 45.6.0esr-66.1 |
- ID
- SUSE-SU-2016:3223-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2016/suse-su-20163223-1/
- Published
-
2016-12-21T21:36:44
(7 years ago) - Modified
-
2016-12-21T21:36:44
(7 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALPINE:CVE-2016-9893
-
ALPINE:CVE-2016-9895
-
ALPINE:CVE-2016-9897
-
ALPINE:CVE-2016-9898
-
ALPINE:CVE-2016-9899
-
ALPINE:CVE-2016-9900
-
ALPINE:CVE-2016-9901
-
ALPINE:CVE-2016-9902
-
ALPINE:CVE-2016-9904
-
ALPINE:CVE-2016-9905
-
ASA-201612-15
-
DSA-3734-1
-
DSA-3757-1
-
ELSA-2016-2946
-
ELSA-2016-2973
-
FREEBSD:512C0FFD-CD39-4DA4-B2DC-81FF4BA8E238
-
GLSA-201701-15
-
MFSA-2016-94
-
MFSA-2016-95
-
MFSA-2016-96
-
openSUSE-SU-2016:3307-1
-
openSUSE-SU-2016:3308-1
-
RHSA-2016:2946
-
RHSA-2016:2973
-
SSA:2016-365-02
-
SUSE-SU-2016:3210-1
-
SUSE-SU-2016:3222-1
-
USN-3155-1
-
USN-3165-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=2 | suse |
MozillaFirefox
|
< 45.6.0esr-66.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=2 | suse |
MozillaFirefox
|
< 45.6.0esr-66.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=2 | suse |
MozillaFirefox
|
< 45.6.0esr-66.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=2 | suse |
MozillaFirefox-translations
|
< 45.6.0esr-66.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=2 | suse |
MozillaFirefox-translations
|
< 45.6.0esr-66.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=2 | suse |
MozillaFirefox-translations
|
< 45.6.0esr-66.1 | sles-11 | i586 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |