Mozilla Firefox < 48.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 48.0. It is, therefore, affected by a vulnerability as referenced in the mfsa2016-83 advisory. - bypass FireFox Secure Connection Failed prompt to whitelist any site but doesn't workCVE-2016-5268 CVE-2016-5268 Note...

Amazon Linux AMI : nss-util / nss,nss-softokn (ALAS-2016-774)

CVE-2016-2834 nss: Multiple security flaws MFSA 2016-61 Multiple buffer handling flaws were found in the way NSS handled cryptographic data from the network. A remote attacker could use these flaws to crash an application using NSS or, possibly, execute arbitrary code with the permission of the...

Mozilla: Use-after-free in Editor while manipulating DOM subtrees (MFSA 2016-94, MFSA 2016-95)

Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox 50.1, Firefox ESR 45.6, and Thunderbird 45.6...

SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:3048-1)

This update for MozillaFirefox fixes security issues. The following vulnerabilities were fixed in Firefox ESR 45.5.1 bbsc1012964 : - CVE-2016-9079: Use-after-free in SVG Animation could be used for code execution MFSA 2016-92 bsc1012964 Note that Tenable Network Security has extracted the precedi...

Security update for Mozilla Thunderbird (important)

This update contains Mozilla Thunderbird 45.5.1 and fixes one vulnerability. In Mozilla Thunderbird, this vulnerability may be exploited when used in a browser-like context. - CVE-2016-9079: SVG Animation Remote Code Execution MFSA 2016-92, bsc1012964, bmo1321066...

openSUSE Security Update : MozillaThunderbird (openSUSE-2016-1166)

This update for Mozilla Thunderbird to version 45.4.0 fixes the following issues : - When using Thunderbird in a browser like context, for rendering HTML e-mail or feeds, it may be affected by vulnerabilities also fixed in Firefox ESR 45.4. MFSA 2016-86, boo999701 The following bugs were fixed in...

Security update for MozillaFirefox, mozilla-nss (important)

This update for MozillaFirefox and mozilla-nss fixes the following issues: MozillaFirefox was updated to version 49.0 boo999701 - New features Updated Firefox Login Manager to allow HTTPS pages to use saved HTTP logins. Added features to Reader Mode that make it easier on the eyes and the ears...

SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE / mozilla-nss (SUSE-SU-2016:1799-1)

MozillaFirefox, MozillaFirefox-branding-SLE and mozilla-nss were updated to fix nine security issues. Mozilla Firefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1. These security issues were fixed : - CVE-2016-2834: Memory safety bugs in NSS MFSA 2016-61 bsc983639....

openSUSE: Security Advisory for MozillaThunderbird (openSUSE-SU-2016:1778-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Update : Mozilla Thunderbird (openSUSE-2016-848)

This update contains Mozilla Thunderbird 45.2. boo983549 It fixes security issues mostly affecting the e-mail program when used in a browser context, such as viewing a web page or HTMl formatted e-mail. The following vulnerabilities were fixed : - CVE-2016-2818, CVE-2016-2815: Memory safety bugs...

openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-714)

This update to Mozilla Firefox 47 fixes the following issues boo983549 : Security fixes : - CVE-2016-2815/CVE-2016-2818: Miscellaneous memory safety hazards boo983638 MFSA 2016-49 - CVE-2016-2819: Buffer overflow parsing HTML5 fragments boo983655 MFSA 2016-50 - CVE-2016-2821: Use-after-free...

FreeBSD : mozilla -- multiple vulnerabilities (8065d37b-8e7c-4707-a608-1b0a2b8509c3)

Mozilla Foundation reports : MFSA 2016-49 Miscellaneous memory safety hazards rv:47.0 / rv:45.2 MFSA 2016-50 Buffer overflow parsing HTML5 fragments MFSA 2016-51 Use-after-free deleting tables from a contenteditable document MFSA 2016-52 Addressbar spoofing though the SELECT element MFSA 2016-54...

SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:1374-1)

This update to MozillaFirefox 38.8.0 ESR fixes the following security issues bsc977333 : - CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 bsc977374 - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 bsc977376 - CVE-2016-2808: Write to invalid HashMap entry...

nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)

A use-after-free flaw was found in the way NSS handled DHE Diffie–Hellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause th...

Tor: Use-after-free during XML transformations (MFSA-2016-27)

Hello, I'm not sure how to understand the rules regarding "Bonus over Base Bounty/Mozilla Bounty for code execution exploits". Are vulnerabilities affecting Firefox ESR 38.7 covered by this section? If yes, you may be interested by MFSA 2016-27 aka CVE-2016-1964:...

openSUSE Security Update : MozillaThunderbird (openSUSE-2016-395)

MozillaThunderbird was updated to 38.7.0 to fix the following issues : - Update to Thunderbird 38.7.0 boo969894 - MFSA 2015-81/CVE-2015-4477 bmo1179484 Use-after-free in MediaStream playback - MFSA 2015-136/CVE-2015-7207 bmo1185256 Same-origin policy violation using performance.getEntries and...

SUSE SLED11 / SLES11 Security Update : MozillaFirefox, mozilla-nspr, mozilla-nss (SUSE-SU-2016:0777-1)

This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues : Mozilla Firefox was updated to 38.7.0 ESR bsc969894 - MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards rv:45.0 / rv:38.7 - MFSA 2016-17/CVE-2016-1954 Local file overwriting and...

graphite2: multiple font parsing vulnerabilities (Mozilla MFSA 2016-37)

The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service buffer over-read or possibly have unspecified other impact via a crafted Graphite smart font,...

Security update for MozillaFirefox, mozilla-nspr, mozilla-nss (important)

This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 45.0 boo969894 requires NSPR 4.12 / NSS 3.21.1 Instant browser tab sharing through Hello Synced Tabs button in button bar Tabs synced via Firefox Accounts from other devices...

openSUSE Security Update : Mozilla Firefox (openSUSE-2016-259)

This update for MozillaFirefox fixes the following issues : - update to Firefox 44.0.2 - MFSA 2016-13/CVE-2016-1949 bmo1245724, boo966438 Same-origin-policy violation using Service Workers with plugins - Fix issue which could lead to the removal of stored passwords under certain circumstances...