SUSE CVE-2016-1977

The Machine::Code::decoder::analysis::setref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service stack memory corruption via a crafted Graphite smart font...

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2017:0426-1)

MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues bsc1021991 : - MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of JavaScript objects bsc1021818 - MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder bsc1021821 - MFSA 2017-02/CVE-2017-5386: WebExtensions c...

OracleVM 3.3 / 3.4 : nssnss-util (OVMSA-2016-0159)

The remote OracleVM system is missing necessary patches to address critical security updates : nss - Added nss-vendor.patch to change vendor - Mozilla 1314604 / Red Hat CVE-2016-8635 - remove disablehwgcm.patch which hasn't been used since 3.16.1 - Rebase to NSS 3.21.3 - Resolves: 1383885 nss-uti...

DEBIAN-CVE-2016-5254

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service heap memory corruption and application crash by leveraging keyboard access to use the Alt...

OracleVM 3.2 : nspr (OVMSA-2016-0065)

The remote OracleVM system is missing necessary patches to address critical security updates : - Rebase to NSPR 4.11 - Resolves: Bug 1297943 - Rebase RHEL 5.11.z to NSPR 4.11 in preparation for Firefox 45 - Resolves: Bug 1269359 - CVE-2015-7183 - nspr: heap-buffer overflow in PLARENAALLOCATE can...

Oracle Linux 6 : nss, / nss-util, / and / nspr (ELSA-2016-0591)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-0591 advisory. nspr 4.11.0-0.1 - Rebase to NSPR 4.11 nss 3.21.0-0.3.0.1 - Added nss-vendor.patch to change vendor 3.21.0-0.3 - Ensure all ssl.sh tests are executed...

nss, nss-util, and nspr security, bug fix, and enhancement update

nspr 4.11.0-0.1 - Rebase to NSPR 4.11 nss 3.21.0-0.3.0.1 - Added nss-vendor.patch to change vendor 3.21.0-0.3 - Ensure all ssl.sh tests are executed 3.21.0-0.2 - Ensure abi compatibility 3.21.0-0.1 - Rebase to NSS-3.21 nss-util 3.21.0-0.3 - Rebase RHEL 6.7.z to NSS-util 3.21 in preparation for...

Use-after-free during processing of DER encoded keys in NSS — Mozilla

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services NSS libraries. The vulnerability overwrites the freed memory with zeroes. This issue has been addressed ...