Description
Security update for MozillaFirefox
MozillaFirefox is updated to version 50.0.2 which fixes the following issues:
- Firefox crashed with 3rd party Chinese IME when using IME text (fixed in version 50.0.1)
- A data: URL reached through redirection from an HTTP connection could inherit the wrong origin (fixed in version 50.0.1, bmo#1317641, MFSA 2016-91, boo#1012807, CVE-2016-9078)
- Maliciously crafted SVG animations could cause remote code execution (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo#1012964, CVE-2016-9079)
Package list
openSUSE Leap 42.1
openSUSE Leap 42.2
References
- E-Mail link for openSUSE-SU-2016:2994-1
- SUSE Security Ratings
Description
Redirection from an HTTP connection to a "data:" URL assigns the referring site's origin to the "data:" URL in some circumstances. This can result in same-origin violations against a domain if it loads resources from malicious sites. Cross-origin setting of cookies has been demonstrated without the ability to read them. Note: This issue only affects Firefox 49 and 50. This vulnerability affects Firefox < 50.0.1.
Affected products
References
- CVE-2016-9078
- SUSE Bug 1012807
Description
A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1.
Affected products
References
- CVE-2016-9079
- SUSE Bug 1012964