Lucene search

K
suseSuseSUSE-SU-2016:3014-1
HistoryDec 05, 2016 - 9:07 p.m.

Security update for MozillaFirefox, mozilla-nss (important)

2016-12-0521:07:10
lists.opensuse.org
37

0.018 Low

EPSS

Percentile

86.7%

This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.

The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026):

  • CVE-2016-5297: Incorrect argument length checking in Javascript
    (bsc#1010401)
  • CVE-2016-9066: Integer overflow leading to a buffer overflow in
    nsScriptLoadHandler (bsc#1010404)
  • CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
    (bsc#1010395)
  • CVE-2016-9064: Addons update must verify IDs match between current and
    new versions (bsc#1010402)
  • CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR
    45.5 (bsc#1010427)
  • CVE-2016-5291: Same-origin policy violation using local HTML file and
    saved shortcut file (bsc#1010410)

The following vulnerabilities were fixed in mozilla-nss 3.21.3:

  • CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
    (bsc#1010422)
  • CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey /
    ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)

The following bugs were fixed:

  • Firefox would fail to go into fullscreen mode with some window managers
    (bsc#992549)

The Mozilla Firefox changelog was amended to document patched dropped in a
previous update.

0.018 Low

EPSS

Percentile

86.7%

Related for SUSE-SU-2016:3014-1