openSUSE 42.2: 2017:0690-1 Important: MozillaFirefox Security Update
opensuse
March 14, 2017
An update that fixes 25 vulnerabilities is now available
Description
This update for MozillaFirefox and mozilla-nss fixes the following issues:
MozillaFirefox was updated to Firefox 52.0 (boo#1028391)
* requires NSS >= 3.28.3
* Pages containing insecure password fields now display a warning
directly within username and password fields.
* Send and open a tab from one device to another with Sync
* Removed NPAPI support for plugins other than Flash. Silverlight, Java,
Acrobat and the like are no longer supported.
* Removed Battery Status API to reduce fingerprinting of users by
trackers * MFSA 2017-05 CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
(bmo#1334933) CVE-2017-5401: Memory Corruption when handling
ErrorResult (bmo#1328861) CVE-2017-5402: Use-after-free working with
events in FontFace
objects (bmo#1334876) CVE-2017-5403: Use-after-free
using addRange to add range to an incorrect root object (bmo#1340186)
CVE-2017-5404:...
Read the Full Advisory
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-344=1
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2017-344=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.2 (i586 x86_64):
MozillaFirefox-52.0-55.2
MozillaFirefox-branding-upstream-52.0-55.2
MozillaFirefox-buildsymbols-52.0-55.2
MozillaFirefox-debuginfo-52.0-55.2
MozillaFirefox-debugsource-52.0-55.2
MozillaFirefox-devel-52.0-55.2
MozillaFirefox-translations-common-52.0-55.2
MozillaFirefox-translations-other-52.0-55.2
java-1_8_0-openjdk-1.8.0.121-8.1
java-1_8_0-openjdk-accessibility-1.8.0.121-8.1
java-1_8_0-openjdk-debuginfo-1.8.0.121-8.1
java-1_8_0-openjdk-debugsource-1.8.0.121-8.1
java-1_8_0-openjdk-demo-1.8.0.121-8.1
java-1_8_0-openjdk-demo-debuginfo-1.8.0.121-8.1
java-1_8_0-openjdk-devel-1.8.0.121-8.1
java-1_8_0-openjdk-devel-debuginfo-1.8.0.121-8.1
java-1_8_0-openjdk-headless-1.8.0.121-8.1
java-1_8_0-openjdk-headless-debuginfo-1.8.0.121-8.1
java-1_8_0-openjdk-src-1.8.0.121-8.1
libfreebl3-3.28.3-38.1
libfreebl3-debuginfo-3.28.3-38.1
libsoftokn3-3.28.3-38.1
libsoftokn3-debuginfo-3.28.3-38.1
mozilla-nss-3.28.3-38.1
mozilla-nss-certs-3.28.3-38.1
mozilla-nss-certs-debuginfo-3.28.3-38.1
mozilla-nss-...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2017-5398.html
https://www.suse.com/security/cve/CVE-2017-5399.html
https://www.suse.com/security/cve/CVE-2017-5400.html
https://www.suse.com/security/cve/CVE-2017-5401.html
https://www.suse.com/security/cve/CVE-2017-5402.html
https://www.suse.com/security/cve/CVE-2017-5403.html
https://www.suse.com/security/cve/CVE-2017-5404.html
https://www.suse.com/security/cve/CVE-2017-5405.html
https://www.suse.com/security/cve/CVE-2017-5406.html
https://www.suse.com/security/cve/CVE-2017-5407.html
https://www.suse.com/security/cve/CVE-2017-5408.html
https://www.suse.com/security/cve/CVE-2017-5410.html
https://www.suse.com/security/cve/CVE-2017-5412.html
https://www.suse.com/security/cve/CVE-2017-5413.html
https://www.suse.com/security/cve/CVE-2017-5414.html
https://www.suse.com/security/cve/CVE-2017-5415.html
https://www.suse.com/security/cve/CVE-2017-5416.html
https://www.suse.com/security/cve/CVE-2017-5417.html
https://www.suse.com/security/cve/CVE-2017-5418.html
https://www....
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2017:0690-1
Rating: important
Affected Products:
openSUSE Leap 42.2
openSUSE Leap 42.1
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!