Описание
Security update for MozillaFirefox
MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701):
The following security issue were fixed:
- MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString
- MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin
- MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList
- MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState
- MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick
- MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
- MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
- MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength
- MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration
- MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page
- MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel
- MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
Список пакетов
SUSE Linux Enterprise Server 11 SP2-LTSS
Ссылки
- Link for SUSE-SU-2016:2431-1
- E-Mail link for SUSE-SU-2016:2431-1
- SUSE Security Ratings
- SUSE Bug 999701
- SUSE CVE CVE-2016-5250 page
- SUSE CVE CVE-2016-5257 page
- SUSE CVE CVE-2016-5261 page
- SUSE CVE CVE-2016-5270 page
- SUSE CVE CVE-2016-5272 page
- SUSE CVE CVE-2016-5274 page
- SUSE CVE CVE-2016-5276 page
- SUSE CVE CVE-2016-5277 page
- SUSE CVE CVE-2016-5278 page
- SUSE CVE CVE-2016-5280 page
- SUSE CVE CVE-2016-5281 page
- SUSE CVE CVE-2016-5284 page
Описание
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
Затронутые продукты
Ссылки
- CVE-2016-5250
- SUSE Bug 991809
- SUSE Bug 999701
Описание
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
Затронутые продукты
Ссылки
- CVE-2016-5257
- SUSE Bug 999701
Описание
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.
Затронутые продукты
Ссылки
- CVE-2016-5261
- SUSE Bug 991809
- SUSE Bug 999701
Описание
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.
Затронутые продукты
Ссылки
- CVE-2016-5270
- SUSE Bug 999701
Описание
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.
Затронутые продукты
Ссылки
- CVE-2016-5272
- SUSE Bug 999701
Описание
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
Затронутые продукты
Ссылки
- CVE-2016-5274
- SUSE Bug 999701
Описание
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
Затронутые продукты
Ссылки
- CVE-2016-5276
- SUSE Bug 999701
Описание
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
Затронутые продукты
Ссылки
- CVE-2016-5277
- SUSE Bug 999701
Описание
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
Затронутые продукты
Ссылки
- CVE-2016-5278
- SUSE Bug 999701
Описание
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
Затронутые продукты
Ссылки
- CVE-2016-5280
- SUSE Bug 999701
Описание
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
Затронутые продукты
Ссылки
- CVE-2016-5281
- SUSE Bug 999701
Описание
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
Затронутые продукты
Ссылки
- CVE-2016-5284
- SUSE Bug 999701