The specific version of Firefox that the system is running is reportedly affected by the following vulnerabilities:
Brotli contains a flaw in the DecodeVarLenUint8() function in dec/decode.c related to use of uninitialized memory. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1931)
Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1930)
Mozilla Firefox contains an unspecified flaw that may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. No further details have been provided by the vendor. (CVE-2016-1931)
Mozilla Firefox contains a flaw in the Downscaler::ClearRow() function in image/Downscaler.cpp. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a flaw in the nsComputedDOMStyle::GetStyleContextForElement() and nsComputedDOMStyle::GetStyleContextForElementNoFlush() functions in layout/style/nsComputedDOMStyle.cpp. The issue is triggered when using a frame that is not in the composed document. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a flaw that is triggered when handling functions accepting rest parameters. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a flaw in the CodeGeneratorShared::allocateData() function in js/src/jit/shared/CodeGenerator-shared.h that is triggered when handling out-of-memory error conditions. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a flaw in the VCMGenericEncoder::Release() function in media/webrtc/trunk/webrtc/modules/video_coding/main/source/generic_encoder.cc. The issue is triggered as the encoded-frame callback is not unregistered when releasing codec databases. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains an unspecified flaw in js/src/vm/HelperThreads.cpp. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a flaw in the JSRuntime::createJitRuntime() function in js/src/jscompartment.cpp that is triggered when handling out-of-memory error conditions. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains an unspecified flaw that is triggered when handling attribute changes. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a flaw in the HTMLMediaElement::NotifyAddedSource() function in dom/html/HTMLMediaElement.cpp. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a flaw in the nsGIFDecoder2::WriteInternal() function in image/decoders/nsGIFDecoder2.cpp that is triggered when handling GIF image frame bounds. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1931)
Mozilla Firefox contains a flaw that is triggered when handling WebAudio content. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a use-after-free condition in the nsLayoutUtils::SurfaceFromElement() function in dom/html/HTMLMediaElement.cpp. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1930)
Mozilla Firefox contains a flaw in the Evaluate() function in js/src/shell/js.cpp. With a specially crafted web page, a context-dependent attacker can corrupt memory and potentially execute arbitrary code. (CVE-2016-1931)
Mozilla Firefox contains an overflow condition in the WebGLContext::BufferData() function in dom/canvas/WebGLContextBuffers.cpp that is triggered when handling cache out-of-memory error conditions. This may allow a context-dependent attacker to cause a buffer overflow and potentially execute arbitrary code. (CVE-2016-1935)
Mozilla Firefox contains a flaw in the BrowserApp::onTabChanged() function in mobile/android/base/java/org/mozilla/gecko/BrowserApp.java. The issue is triggered when handling page scrolling. This may allow a context-dependent attacker to spoof the location. (CVE-2016-1943)
Mozilla Firefox contains an integer overflow condition that is triggered when handling GIF images. This may allow a context-dependent attacker to have an unspecified impact. No further details have been provided by the vendor. (CVE-2016-1933)
Mozilla Firefox contains a flaw in the Buffer11::NativeBuffer11::map() function within the ANGLE implementation. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2016-1944)
Mozilla Firefox for Android contains a flaw in mobile/android/chrome/content/browser.js that is triggered when handling data: URLs. This may allow a context-dependent attacker to spoof the location. (CVE-2016-1940)
Mozilla Firefox contains a flaw in the safe browsing feature as the Application Reputation service was unreachable. This may allow a context-dependent attacker to trick a user into downloading a malicious executable without the user being warned. (CVE-2016-1947)
Mozilla Firefox contains an integer overflow condition in the MoofParser::Metadata() function in media/libstagefright/binding/MoofParser.cpp. The issue is triggered when handling MP4 file metadata. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2016-1946)
Mozilla Firefox contains a flaw in modules/libjar/nsZipArchive.cpp that is triggered when handling ZIP files. This may allow a context-dependent attacker to have an unspecified impact. (CVE-2016-1945)
Mozilla Firefox contains a flaw in the nsCookieService::SetCookieInternal() function in netwerk/cookie/nsCookieService.cpp as control characters are permitted in cookie names. This may allow a context-dependent attacker to inject cookies. (CVE-2016-1939)
Mozilla Network Security Services (NSS) contains an unspecified cryptographic issue when handling calculations that contain mp_div or mp_exptmod. This may allow an attacker to trigger potential cryptographic weaknesses. (CVE-2016-1938)
Mozilla Firefox for Android contains a flaw in mobile/android/chrome/content/browser.js that is triggered as lightweight themes fail to properly secure connections when installing themes. This may allow a remote man-in-the-middle attacker to make changes to the theme. (CVE-2016-1948)
Mozilla Firefox contains a flaw in the protocol handler in toolkit/mozapps/handling/content/dialog.js that is due to the handler treating double click events as two single click events. This may allow a context-dependent attacker to spoof content to cause a user to potentially perform malicious actions, such as downloading attacker controlled software. (CVE-2016-1937)
Mozilla Firefox for Mac OS X contains a flaw that is triggered as the delay between the download dialog getting focus and the button getting enabled is too short. If a context-dependent attacker can trick a user into double clicking in a specific location, they can pass the second click through to a dialog below that location. This will allow the attacker to cause the user to perform unintentional actions. (CVE-2016-1941)
Mozilla Firefox contains a flaw in browser/base/content/urlbarBindings.xml that is triggered during the handling of a URL that is invalid for the internal protocol, which will cause the URL to be pasted into the address bar. This may allow a context-dependent attacker to spoof URLs. (CVE-2016-1942)
Mozilla Network Security Services (NSS) contains a use-after-free error in the ssl3_HandleECDHServerKeyExchange() function. The issue is triggered when handling failed allocations during DHE and ECDHE handshakes. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2016-1978)
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1941
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1942
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1943
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1944
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1947
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1948
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978
lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00003.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00006.html
lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html
lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html
seclists.org/bugtraq/2016/Feb/178
seclists.org/bugtraq/2016/Jan/151
www-01.ibm.com/support/docview.wss?uid=isg3T1023778
www-01.ibm.com/support/docview.wss?uid=ssg1S1005811
www-01.ibm.com/support/docview.wss?uid=swg21982583
www.ubuntu.com/usn/usn-2880-1/
www.ubuntu.com/usn/usn-2880-2/
www.ubuntu.com/usn/usn-2903-1/
www.ubuntu.com/usn/usn-2903-2/
www.ubuntu.com/usn/usn-2904-1/
www.ubuntu.com/usn/usn-2973-1/
bto.bluecoat.com/security-advisory/sa124
bugzilla.mozilla.org/show_bug.cgi?id=1116385
bugzilla.mozilla.org/show_bug.cgi?id=1180064
bugzilla.mozilla.org/show_bug.cgi?id=1186621
bugzilla.mozilla.org/show_bug.cgi?id=1186973
bugzilla.mozilla.org/show_bug.cgi?id=1189082
bugzilla.mozilla.org/show_bug.cgi?id=1190248
bugzilla.mozilla.org/show_bug.cgi?id=1206675
bugzilla.mozilla.org/show_bug.cgi?id=1208525
bugzilla.mozilla.org/show_bug.cgi?id=1209358
bugzilla.mozilla.org/show_bug.cgi?id=1209365
bugzilla.mozilla.org/show_bug.cgi?id=1209366
bugzilla.mozilla.org/show_bug.cgi?id=1209368
bugzilla.mozilla.org/show_bug.cgi?id=1209546
bugzilla.mozilla.org/show_bug.cgi?id=1214782
bugzilla.mozilla.org/show_bug.cgi?id=1220450
bugzilla.mozilla.org/show_bug.cgi?id=1221385
bugzilla.mozilla.org/show_bug.cgi?id=1222015
bugzilla.mozilla.org/show_bug.cgi?id=1223670
bugzilla.mozilla.org/show_bug.cgi?id=1224200
bugzilla.mozilla.org/show_bug.cgi?id=1228590
bugzilla.mozilla.org/show_bug.cgi?id=1229825
bugzilla.mozilla.org/show_bug.cgi?id=1230483
bugzilla.mozilla.org/show_bug.cgi?id=1230639
bugzilla.mozilla.org/show_bug.cgi?id=1230668
bugzilla.mozilla.org/show_bug.cgi?id=1230686
bugzilla.mozilla.org/show_bug.cgi?id=1231121
bugzilla.mozilla.org/show_bug.cgi?id=1231761
bugzilla.mozilla.org/show_bug.cgi?id=1232069
bugzilla.mozilla.org/show_bug.cgi?id=1233152
bugzilla.mozilla.org/show_bug.cgi?id=1233346
bugzilla.mozilla.org/show_bug.cgi?id=1233784
bugzilla.mozilla.org/show_bug.cgi?id=1233925
bugzilla.mozilla.org/show_bug.cgi?id=1234280
bugzilla.mozilla.org/show_bug.cgi?id=1234571
bugzilla.mozilla.org/show_bug.cgi?id=1235876
bugzilla.mozilla.org/show_bug.cgi?id=1237103
bugzilla.mozilla.org/show_bug.cgi?id=724353
download.novell.com/Download?buildid=MVAFl0oMTck~
download.novell.com/Download?buildid=W46YTfqEGiQ~
github.com/google/brotli
www-304.ibm.com/support/docview.wss?uid=ssg1S1005812
www.debian.org/security/2016/dsa-3457
www.mozilla.org/
www.mozilla.org/en-US/security/advisories/mfsa2016-01/
www.mozilla.org/en-US/security/advisories/mfsa2016-02/
www.mozilla.org/en-US/security/advisories/mfsa2016-03/
www.mozilla.org/en-US/security/advisories/mfsa2016-04/
www.mozilla.org/en-US/security/advisories/mfsa2016-05/
www.mozilla.org/en-US/security/advisories/mfsa2016-06/
www.mozilla.org/en-US/security/advisories/mfsa2016-07/
www.mozilla.org/en-US/security/advisories/mfsa2016-08/
www.mozilla.org/en-US/security/advisories/mfsa2016-09/
www.mozilla.org/en-US/security/advisories/mfsa2016-10/
www.mozilla.org/en-US/security/advisories/mfsa2016-11/
www.mozilla.org/en-US/security/advisories/mfsa2016-12/
www.mozilla.org/en-US/security/advisories/mfsa2016-15/
www.suse.com/support/update/announcement/2016/suse-su-20160334-1.html
www.suse.com/support/update/announcement/2016/suse-su-20160338-1.html
www.suse.com/support/update/announcement/2016/suse-su-20160584-1.html
www.suse.com/support/update/announcement/2016/suse-su-20160727-1.html
www.suse.com/support/update/announcement/2016/suse-su-20160777-1.html
www.suse.com/support/update/announcement/2016/suse-su-20160820-1.html
www.suse.com/support/update/announcement/2016/suse-su-20160909-1.html