Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:1258-1

Опубликовано: 06 мая 2016
Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update to MozillaFirefox 38.8.0 ESR fixes the following issues (bsc#977333):

  • CVE-2016-2805: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977374)
  • CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39 (bsc#977376)
  • CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets - MFSA 2016-44 (bsc#977381)
  • CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch() - MFSA 2016-47 (bsc#977386)

Список пакетов

SUSE Linux Enterprise Desktop 12
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12 SP1
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Server 12
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Server 12 SP1
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Server for SAP Applications 12
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
MozillaFirefox-38.8.0esr-66.2
MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Software Development Kit 12
MozillaFirefox-devel-38.8.0esr-66.2
SUSE Linux Enterprise Software Development Kit 12 SP1
MozillaFirefox-devel-38.8.0esr-66.2

Ссылки

Описание

Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12:MozillaFirefox-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12:MozillaFirefox-translations-38.8.0esr-66.2
Ссылки

Описание

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12:MozillaFirefox-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12:MozillaFirefox-translations-38.8.0esr-66.2
Ссылки

Описание

The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12:MozillaFirefox-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12:MozillaFirefox-translations-38.8.0esr-66.2
Ссылки

Описание

Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12:MozillaFirefox-38.8.0esr-66.2
SUSE Linux Enterprise Desktop 12:MozillaFirefox-translations-38.8.0esr-66.2
Ссылки
Уязвимость SUSE-SU-2016:1258-1