openSUSE 13.1: 2016:3011-1 Important: Mozilla Firefox & Thunderbird Update
opensuse
December 5, 2016
An update that fixes 30 vulnerabilities is now available
Description
This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2
fixes a number of security issues.
The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89):
- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
(bmo#1292443)
- CVE-2016-5292: URL parsing causes crash (bmo#1288482)
- CVE-2016-5297: Incorrect argument length checking in Javascript
(bmo#1303678)
- CVE-2016-9064: Addons update must verify IDs match between current
and new versions (bmo#1303418)
- CVE-2016-9066: Integer overflow leading to a buffer overflow in
nsScriptLoadHandler (bmo#1299686)
- CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
(bmo#1301777, bmo#1308922 (CVE-2016-9069))
- CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)
- CVE-2016-9075: WebExtensions can access the mozAddonManager API and
use it to gain elevated privileges...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 13.1:
zypper in -t patch 2016-1407=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE 13.1 (i586 x86_64):
MozillaFirefox-50.0.2-131.1
MozillaFirefox-branding-upstream-50.0.2-131.1
MozillaFirefox-buildsymbols-50.0.2-131.1
MozillaFirefox-debuginfo-50.0.2-131.1
MozillaFirefox-debugsource-50.0.2-131.1
MozillaFirefox-devel-50.0.2-131.1
MozillaFirefox-translations-common-50.0.2-131.1
MozillaFirefox-translations-other-50.0.2-131.1
MozillaThunderbird-45.5.1-70.92.1
MozillaThunderbird-buildsymbols-45.5.1-70.92.1
MozillaThunderbird-debuginfo-45.5.1-70.92.1
MozillaThunderbird-debugsource-45.5.1-70.92.1
MozillaThunderbird-devel-45.5.1-70.92.1
MozillaThunderbird-translations-common-45.5.1-70.92.1
MozillaThunderbird-translations-other-45.5.1-70.92.1
libfreebl3-3.26.2-94.1
libfreebl3-debuginfo-3.26.2-94.1
libsoftokn3-3.26.2-94.1
libsoftokn3-debuginfo-3.26.2-94.1
mozilla-nss-3.26.2-94.1
mozilla-nss-certs-3.26.2-94.1
mozilla-nss-certs-debuginfo-3.26.2-94.1
mozilla-nss-debuginfo-3.26.2-94.1
mozilla-nss-debugsource-3.26.2-94.1
mozilla-nss-devel-3.26.2-94.1
mozilla-nss-sysinit-3.26.2-94.1
mozilla-nss-sysi...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2016-5289.html
https://www.suse.com/security/cve/CVE-2016-5290.html
https://www.suse.com/security/cve/CVE-2016-5291.html
https://www.suse.com/security/cve/CVE-2016-5292.html
https://www.suse.com/security/cve/CVE-2016-5293.html
https://www.suse.com/security/cve/CVE-2016-5294.html
https://www.suse.com/security/cve/CVE-2016-5295.html
https://www.suse.com/security/cve/CVE-2016-5296.html
https://www.suse.com/security/cve/CVE-2016-5297.html
https://www.suse.com/security/cve/CVE-2016-5298.html
https://www.suse.com/security/cve/CVE-2016-5299.html
https://www.suse.com/security/cve/CVE-2016-9061.html
https://www.suse.com/security/cve/CVE-2016-9062.html
https://www.suse.com/security/cve/CVE-2016-9063.html
https://www.suse.com/security/cve/CVE-2016-9064.html
https://www.suse.com/security/cve/CVE-2016-9065.html
https://www.suse.com/security/cve/CVE-2016-9066.html
https://www.suse.com/security/cve/CVE-2016-9067.html
https://www.suse.com/security/cve/CVE-2016-9068.html
https://www....
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2016:3011-1
Rating: important
Affected Products:
openSUSE 13.1
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!