7 matches found
SUSE SLES11 Security Update : MozillaFirefox (SUSE-SU-2016:3210-1)
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues : - MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES - MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution - MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating...
SUSE SLED12 / SLES12 Security Update : MozillaFirefox (SUSE-SU-2016:3222-1)
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues : - MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES - MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution - MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating...
SUSE-SU-2016:3222-1 Security update for MozillaFirefox
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues: MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM...
Mozilla: Pocket extension does not validate the origin of events (MFSA 2016-94, MFSA 2016-95)
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10...
openSUSE Security Update : MozillaFirefox (openSUSE-2016-1490)
This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities : - CVE-2016-9894: Buffer overflow in SkiaGL - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9896: Use-after-free with WebVR -...
Security update for MozillaFirefox (important)
This update to MozillaFirefox 50.1.0 fixes the following vulnerabilities: - CVE-2016-9894: Buffer overflow in SkiaGL - CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements - CVE-2016-9895: CSP bypass using marquee tag - CVE-2016-9896: Use-after-free with WebVR -...
Mozilla: Pocket extension does not validate the origin of events (MFSA 2016-94, MFSA 2016-95)
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10...