Description
Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss
MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss and mozilla-nspr were updated to fix nine security issues.
MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1.
These security issues were fixed:
- CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639).
- CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651).
- CVE-2016-2822: Addressbar spoofing through the SELECT element (MFSA 2016-52) (bsc#983652).
- CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653).
- CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655).
- CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646).
- CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643).
- CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638).
These non-security issues were fixed:
- bsc#982366: Unknown SSL protocol error in connections
- Fix crashes on aarch64
- Determine page size at runtime (bsc#984006)
- Allow aarch64 to work in safe mode (bsc#985659)
- Fix crashes on mainframes
All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details.
Package list
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
Links
- Link for SUSE-SU-2016:1691-1
- E-Mail link for SUSE-SU-2016:1691-1
- SUSE Security Ratings
- SUSE Bug 982366
- SUSE Bug 983549
- SUSE Bug 983638
- SUSE Bug 983639
- SUSE Bug 983643
- SUSE Bug 983646
- SUSE Bug 983651
- SUSE Bug 983652
- SUSE Bug 983653
- SUSE Bug 983655
- SUSE Bug 984006
- SUSE Bug 984126
- SUSE Bug 985659
- SUSE CVE CVE-2016-2815 page
- SUSE CVE CVE-2016-2818 page
- SUSE CVE CVE-2016-2819 page
- SUSE CVE CVE-2016-2821 page
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Affected products
Links
- CVE-2016-2815
- SUSE Bug 983549
- SUSE Bug 983638
Description
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Affected products
Links
- CVE-2016-2818
- SUSE Bug 983549
- SUSE Bug 983638
Description
Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via foreign-context HTML5 fragments, as demonstrated by fragments within an SVG element.
Affected products
Links
- CVE-2016-2819
- SUSE Bug 983549
- SUSE Bug 983655
Description
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
Affected products
Links
- CVE-2016-2821
- SUSE Bug 983549
- SUSE Bug 983653
Description
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to spoof the address bar via a SELECT element with a persistent menu.
Affected products
Links
- CVE-2016-2822
- SUSE Bug 983549
- SUSE Bug 983652
Description
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
Affected products
Links
- CVE-2016-2824
- SUSE Bug 983549
- SUSE Bug 983651
Description
Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after destruction of the texture's recycle pool.
Affected products
Links
- CVE-2016-2828
- SUSE Bug 983549
- SUSE Bug 983646
Description
Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site.
Affected products
Links
- CVE-2016-2831
- SUSE Bug 983549
- SUSE Bug 983632
- SUSE Bug 983643
Description
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
Affected products
Links
- CVE-2016-2834
- SUSE Bug 983549
- SUSE Bug 983639