Описание
Security update for MozillaFirefox, MozillaFirefox-branding-SLED, mozilla-nss
This update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss fixes the following issues: (bsc#963520)
Mozilla Firefox was updated to 38.6.0 ESR. Mozilla NSS was updated to 3.20.2.
The following vulnerabilities were fixed:
- CVE-2016-1930: Memory safety bugs fixed in Firefox ESR 38.6 (bsc#963632)
- CVE-2016-1935: Buffer overflow in WebGL after out of memory allocation (bsc#963635)
- CVE-2016-1938: Calculations with mp_div and mp_exptmod in Network Security Services (NSS) canproduce wrong results (bsc#963731)
The following improvements were added:
- bsc#954447: Mozilla NSS now supports a number of new DHE ciphersuites
- Tracking protection is now enabled by default
Список пакетов
SUSE Linux Enterprise Desktop 11 SP3
MozillaFirefox-38.6.0esr-31.3
MozillaFirefox-branding-SLED-38-18.24
MozillaFirefox-translations-38.6.0esr-31.3
libfreebl3-3.20.2-25.2
libfreebl3-32bit-3.20.2-25.2
libsoftokn3-3.20.2-25.2
libsoftokn3-32bit-3.20.2-25.2
mozilla-nss-3.20.2-25.2
mozilla-nss-32bit-3.20.2-25.2
mozilla-nss-tools-3.20.2-25.2
SUSE Linux Enterprise Desktop 11 SP4
MozillaFirefox-38.6.0esr-31.3
MozillaFirefox-branding-SLED-38-18.24
MozillaFirefox-translations-38.6.0esr-31.3
libfreebl3-3.20.2-25.2
libfreebl3-32bit-3.20.2-25.2
libsoftokn3-3.20.2-25.2
libsoftokn3-32bit-3.20.2-25.2
mozilla-nss-3.20.2-25.2
mozilla-nss-32bit-3.20.2-25.2
mozilla-nss-tools-3.20.2-25.2
SUSE Linux Enterprise Server 11 SP3
MozillaFirefox-38.6.0esr-31.3
MozillaFirefox-branding-SLED-38-18.24
MozillaFirefox-translations-38.6.0esr-31.3
libfreebl3-3.20.2-25.2
libfreebl3-32bit-3.20.2-25.2
libfreebl3-x86-3.20.2-25.2
libsoftokn3-3.20.2-25.2
libsoftokn3-32bit-3.20.2-25.2
libsoftokn3-x86-3.20.2-25.2
mozilla-nss-3.20.2-25.2
mozilla-nss-32bit-3.20.2-25.2
mozilla-nss-tools-3.20.2-25.2
mozilla-nss-x86-3.20.2-25.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
MozillaFirefox-38.6.0esr-31.3
MozillaFirefox-branding-SLED-38-18.24
MozillaFirefox-translations-38.6.0esr-31.3
libfreebl3-3.20.2-25.2
libfreebl3-32bit-3.20.2-25.2
libfreebl3-x86-3.20.2-25.2
libsoftokn3-3.20.2-25.2
libsoftokn3-32bit-3.20.2-25.2
libsoftokn3-x86-3.20.2-25.2
mozilla-nss-3.20.2-25.2
mozilla-nss-32bit-3.20.2-25.2
mozilla-nss-tools-3.20.2-25.2
mozilla-nss-x86-3.20.2-25.2
SUSE Linux Enterprise Server 11 SP4
MozillaFirefox-38.6.0esr-31.3
MozillaFirefox-branding-SLED-38-18.24
MozillaFirefox-translations-38.6.0esr-31.3
libfreebl3-3.20.2-25.2
libfreebl3-32bit-3.20.2-25.2
libfreebl3-x86-3.20.2-25.2
libsoftokn3-3.20.2-25.2
libsoftokn3-32bit-3.20.2-25.2
libsoftokn3-x86-3.20.2-25.2
mozilla-nss-3.20.2-25.2
mozilla-nss-32bit-3.20.2-25.2
mozilla-nss-tools-3.20.2-25.2
mozilla-nss-x86-3.20.2-25.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3
MozillaFirefox-38.6.0esr-31.3
MozillaFirefox-branding-SLED-38-18.24
MozillaFirefox-translations-38.6.0esr-31.3
libfreebl3-3.20.2-25.2
libfreebl3-32bit-3.20.2-25.2
libfreebl3-x86-3.20.2-25.2
libsoftokn3-3.20.2-25.2
libsoftokn3-32bit-3.20.2-25.2
libsoftokn3-x86-3.20.2-25.2
mozilla-nss-3.20.2-25.2
mozilla-nss-32bit-3.20.2-25.2
mozilla-nss-tools-3.20.2-25.2
mozilla-nss-x86-3.20.2-25.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
MozillaFirefox-38.6.0esr-31.3
MozillaFirefox-branding-SLED-38-18.24
MozillaFirefox-translations-38.6.0esr-31.3
libfreebl3-3.20.2-25.2
libfreebl3-32bit-3.20.2-25.2
libfreebl3-x86-3.20.2-25.2
libsoftokn3-3.20.2-25.2
libsoftokn3-32bit-3.20.2-25.2
libsoftokn3-x86-3.20.2-25.2
mozilla-nss-3.20.2-25.2
mozilla-nss-32bit-3.20.2-25.2
mozilla-nss-tools-3.20.2-25.2
mozilla-nss-x86-3.20.2-25.2
SUSE Linux Enterprise Software Development Kit 11 SP3
MozillaFirefox-devel-38.6.0esr-31.3
mozilla-nss-devel-3.20.2-25.2
SUSE Linux Enterprise Software Development Kit 11 SP4
MozillaFirefox-devel-38.6.0esr-31.3
mozilla-nss-devel-3.20.2-25.2
Ссылки
- Link for SUSE-SU-2016:0334-1
- E-Mail link for SUSE-SU-2016:0334-1
- SUSE Security Ratings
- SUSE Bug 954447
- SUSE Bug 963520
- SUSE Bug 963632
- SUSE Bug 963635
- SUSE Bug 963731
- SUSE CVE CVE-2016-1930 page
- SUSE CVE CVE-2016-1935 page
- SUSE CVE CVE-2016-1938 page
Описание
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.6.0esr-31.3
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-branding-SLED-38-18.24
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.6.0esr-31.3
SUSE Linux Enterprise Desktop 11 SP3:libfreebl3-3.20.2-25.2
Ссылки
- CVE-2016-1930
- SUSE Bug 963520
- SUSE Bug 963632
Описание
Buffer overflow in the BufferSubData function in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allows remote attackers to execute arbitrary code via crafted WebGL content.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.6.0esr-31.3
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-branding-SLED-38-18.24
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.6.0esr-31.3
SUSE Linux Enterprise Desktop 11 SP3:libfreebl3-3.20.2-25.2
Ссылки
- CVE-2016-1935
- SUSE Bug 963520
- SUSE Bug 963635
Описание
The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network Security Services (NSS) before 3.21, as used in Mozilla Firefox before 44.0, improperly divides numbers, which might make it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging use of the (1) mp_div or (2) mp_exptmod function.
Затронутые продукты
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-38.6.0esr-31.3
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-branding-SLED-38-18.24
SUSE Linux Enterprise Desktop 11 SP3:MozillaFirefox-translations-38.6.0esr-31.3
SUSE Linux Enterprise Desktop 11 SP3:libfreebl3-3.20.2-25.2
Ссылки
- CVE-2016-1938
- SUSE Bug 963731