openSUSE Leap 42.1: 2016:1964-1 Important MozillaFirefox Security Fix
opensuse
August 5, 2016
An update that fixes 22 vulnerabilities is now available.
Description
Mozilla Firefox was updated to 48.0 to fix security issues, bugs, and
deliver various improvements.
The following major changes are included:
- Process separation (e10s) is enabled for some users - Add-ons that have not been verified and signed by Mozilla will not load
- WebRTC enhancements
- The media parser has been redeveloped using the Rust programming language
- better Canvas performance with speedy Skia support
- Now requires NSS 3.24
The following security issues were fixed: (boo#991809)
- CVE-2016-2835/CVE-2016-2836: Miscellaneous memory safety hazards
- CVE-2016-2830: Favicon network connection can persist when page is closed
- CVE-2016-2838: Buffer overflow rendering SVG with bidirectional content
- CVE-2016-2839: Cairo rendering crash due to memory allocation issue with
FFmpeg 0.10
- CVE-2016-5251: Location bar spoofing via data URLs with
malformed/invalid mediatypes
- CVE-2016-5252: Stack underflow during 2D...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-937=1
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-937=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.1 (i586 x86_64):
MozillaFirefox-48.0-27.1
MozillaFirefox-branding-upstream-48.0-27.1
MozillaFirefox-buildsymbols-48.0-27.1
MozillaFirefox-debuginfo-48.0-27.1
MozillaFirefox-debugsource-48.0-27.1
MozillaFirefox-devel-48.0-27.1
MozillaFirefox-translations-common-48.0-27.1
MozillaFirefox-translations-other-48.0-27.1
libfreebl3-3.24-21.1
libfreebl3-debuginfo-3.24-21.1
libsoftokn3-3.24-21.1
libsoftokn3-debuginfo-3.24-21.1
mozilla-nss-3.24-21.1
mozilla-nss-certs-3.24-21.1
mozilla-nss-certs-debuginfo-3.24-21.1
mozilla-nss-debuginfo-3.24-21.1
mozilla-nss-debugsource-3.24-21.1
mozilla-nss-devel-3.24-21.1
mozilla-nss-sysinit-3.24-21.1
mozilla-nss-sysinit-debuginfo-3.24-21.1
mozilla-nss-tools-3.24-21.1
mozilla-nss-tools-debuginfo-3.24-21.1
- openSUSE Leap 42.1 (x86_64):
libfreebl3-32bit-3.24-21.1
libfreebl3-debuginfo-32bit-3.24-21.1
libsoftokn3-32bit-3.24-21.1
libsoftokn3-debuginfo-32bit-3.24-21.1
mozilla-nss-32bit-3.24-21.1
mozilla-nss-certs-32bit-3.24-21.1
mozilla-nss-certs-debuginfo-32bit-3.24-21.1
mozill...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2016-0718.html
https://www.suse.com/security/cve/CVE-2016-2830.html
https://www.suse.com/security/cve/CVE-2016-2835.html
https://www.suse.com/security/cve/CVE-2016-2836.html
https://www.suse.com/security/cve/CVE-2016-2837.html
https://www.suse.com/security/cve/CVE-2016-2838.html
https://www.suse.com/security/cve/CVE-2016-2839.html
https://www.suse.com/security/cve/CVE-2016-5250.html
https://www.suse.com/security/cve/CVE-2016-5251.html
https://www.suse.com/security/cve/CVE-2016-5252.html
https://www.suse.com/security/cve/CVE-2016-5254.html
https://www.suse.com/security/cve/CVE-2016-5255.html
https://www.suse.com/security/cve/CVE-2016-5258.html
https://www.suse.com/security/cve/CVE-2016-5259.html
https://www.suse.com/security/cve/CVE-2016-5260.html
https://www.suse.com/security/cve/CVE-2016-5261.html
https://www.suse.com/security/cve/CVE-2016-5262.html
https://www.suse.com/security/cve/CVE-2016-5263.html
https://www.suse.com/security/cve/CVE-2016-5264.html
https://www....
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2016:1964-1
Rating: important
Affected Products:
openSUSE Leap 42.1
openSUSE 13.2
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!