openSUSE 42.1: 2016:1211-1 Critical: MozillaFirefox Patch Update
opensuse
May 4, 2016
An update that fixes 10 vulnerabilities is now available
Description
This update to Mozilla Firefox 46.0 fixes several security issues and bugs
(boo#977333).
The following vulnerabilities were fixed:
- CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39
(boo#977373)
- CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39
(boo#977375)
- CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39
(boo#977376)
- CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch()
- MFSA 2016-47 (boo#977386)
- CVE-2016-2811: Use-after-free in Service Worker - MFSA 2016-42
(boo#977379)
- CVE-2016-2812: Buffer overflow in Service Worker - MFSA 2016-42
(boo#977379)
- CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets -
MFSA 2016-44 (boo#977381)
- CVE-2016-2816: CSP not applied to pages sent with
multipart/x-mixed-replace - MFSA 2016-45 (boo#977382)
- CVE-2016-2817: Elevation of privilege with chrome.tabs.update API in web
...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-541=1
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-541=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.1 (i586 x86_64):
MozillaFirefox-46.0-21.1
MozillaFirefox-branding-upstream-46.0-21.1
MozillaFirefox-buildsymbols-46.0-21.1
MozillaFirefox-debuginfo-46.0-21.1
MozillaFirefox-debugsource-46.0-21.1
MozillaFirefox-devel-46.0-21.1
MozillaFirefox-translations-common-46.0-21.1
MozillaFirefox-translations-other-46.0-21.1
libfreebl3-3.22.3-15.2
libfreebl3-debuginfo-3.22.3-15.2
libsoftokn3-3.22.3-15.2
libsoftokn3-debuginfo-3.22.3-15.2
mozilla-nss-3.22.3-15.2
mozilla-nss-certs-3.22.3-15.2
mozilla-nss-certs-debuginfo-3.22.3-15.2
mozilla-nss-debuginfo-3.22.3-15.2
mozilla-nss-debugsource-3.22.3-15.2
mozilla-nss-devel-3.22.3-15.2
mozilla-nss-sysinit-3.22.3-15.2
mozilla-nss-sysinit-debuginfo-3.22.3-15.2
mozilla-nss-tools-3.22.3-15.2
mozilla-nss-tools-debuginfo-3.22.3-15.2
- openSUSE Leap 42.1 (x86_64):
libfreebl3-32bit-3.22.3-15.2
libfreebl3-debuginfo-32bit-3.22.3-15.2
libsoftokn3-32bit-3.22.3-15.2
libsoftokn3-debuginfo-32bit-3.22.3-15.2
mozilla-nss-32bit-3.22.3-15.2
mozilla-nss-certs-32bit-3.22.3-15.2
mozilla-n...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2016-2804.html
https://www.suse.com/security/cve/CVE-2016-2806.html
https://www.suse.com/security/cve/CVE-2016-2807.html
https://www.suse.com/security/cve/CVE-2016-2808.html
https://www.suse.com/security/cve/CVE-2016-2811.html
https://www.suse.com/security/cve/CVE-2016-2812.html
https://www.suse.com/security/cve/CVE-2016-2814.html
https://www.suse.com/security/cve/CVE-2016-2816.html
https://www.suse.com/security/cve/CVE-2016-2817.html
https://www.suse.com/security/cve/CVE-2016-2820.html
https://bugzilla.suse.com/977333
https://bugzilla.suse.com/977373
https://bugzilla.suse.com/977375
https://bugzilla.suse.com/977376
https://bugzilla.suse.com/977379
https://bugzilla.suse.com/977381
https://bugzilla.suse.com/977382
https://bugzilla.suse.com/977384
https://bugzilla.suse.com/977386
https://bugzilla.suse.com/977388
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2016:1211-1
Rating: important
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!