logo
DATABASE RESOURCES PRICING ABOUT US

Updated nss and firefox packages fix security vulnerabilities

Description

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290). A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update (CVE-2016-9064). An existing mitigation of timing side-channel attacks in NSS before 3.26.1 is insufficient in some circumstances (CVE-2016-9074).


Affected Package


OS OS Version Package Name Package Version
Mageia 5 firefox 45.5.0-1
Mageia 5 firefox-l10n 45.5.0-1
Mageia 5 nss 3.27.1-1
Mageia 5 rootcerts 20160922.00-1
Mageia 5 nspr 4.13.1-1

Related