Description
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
- update to Firefox 44.0.2
- MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins
- Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176)
- Allows spaces in cookie names (bmo#1244505)
- Disable opus/vorbis audio with H.264 (bmo#1245696)
- Fix for graphics startup crash (GNU/Linux) (bmo#1222171)
- Fix a crash in cache networking (bmo#1244076)
- Fix using WebSockets in service worker controlled pages (bmo#1243942)
Package list
openSUSE Leap 42.1
MozillaFirefox-44.0.2-15.2
MozillaFirefox-branding-upstream-44.0.2-15.2
MozillaFirefox-buildsymbols-44.0.2-15.2
MozillaFirefox-devel-44.0.2-15.2
MozillaFirefox-translations-common-44.0.2-15.2
MozillaFirefox-translations-other-44.0.2-15.2
References
- E-Mail link for openSUSE-SU-2016:0489-1
- SUSE Security Ratings
Description
Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file.
Affected products
openSUSE Leap 42.1:MozillaFirefox-44.0.2-15.2
openSUSE Leap 42.1:MozillaFirefox-branding-upstream-44.0.2-15.2
openSUSE Leap 42.1:MozillaFirefox-buildsymbols-44.0.2-15.2
openSUSE Leap 42.1:MozillaFirefox-devel-44.0.2-15.2
References
- CVE-2016-1949
- SUSE Bug 966438
- SUSE Bug 967087