Security update for MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nspr, mozilla-nss
Announcement ID: | SUSE-SU-2016:1691-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves nine vulnerabilities and has four security fixes can now be installed.
Description:
MozillaFirefox, MozillaFirefox-branding-SLE, mozilla-nss and mozilla-nspr were updated to fix nine security issues.
MozillaFirefox was updated to version 45.2.0 ESR. mozilla-nss was updated to version 3.21.1.
These security issues were fixed: - CVE-2016-2834: Memory safety bugs in NSS (MFSA 2016-61) (bsc#983639). - CVE-2016-2824: Out-of-bounds write with WebGL shader (MFSA 2016-53) (bsc#983651). - CVE-2016-2822: Addressbar spoofing though the SELECT element (MFSA 2016-52) (bsc#983652). - CVE-2016-2821: Use-after-free deleting tables from a contenteditable document (MFSA 2016-51) (bsc#983653). - CVE-2016-2819: Buffer overflow parsing HTML5 fragments (MFSA 2016-50) (bsc#983655). - CVE-2016-2828: Use-after-free when textures are used in WebGL operations after recycle pool destruction (MFSA 2016-56) (bsc#983646). - CVE-2016-2831: Entering fullscreen and persistent pointerlock without user permission (MFSA 2016-58) (bsc#983643). - CVE-2016-2815, CVE-2016-2818: Miscellaneous memory safety hazards (MFSA 2016-49) (bsc#983638)
These non-security issues were fixed: - bsc#982366: Unknown SSL protocol error in connections - Fix crashes on aarch64 * Determine page size at runtime (bsc#984006) * Allow aarch64 to work in safe mode (bsc#985659) - Fix crashes on mainframes
All extensions must now be signed by addons.mozilla.org. Please read README.SUSE for more details.
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Desktop 12 SP1
zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2016-1003=1
-
SUSE Linux Enterprise Desktop 12
zypper in -t patch SUSE-SLE-DESKTOP-12-2016-1003=1
-
SUSE Linux Enterprise Software Development Kit 12
zypper in -t patch SUSE-SLE-SDK-12-2016-1003=1
-
SUSE Linux Enterprise Software Development Kit 12 SP1
zypper in -t patch SUSE-SLE-SDK-12-SP1-2016-1003=1
-
SUSE Linux Enterprise Server 12
zypper in -t patch SUSE-SLE-SERVER-12-2016-1003=1
-
SUSE Linux Enterprise Server for SAP Applications 12
zypper in -t patch SUSE-SLE-SERVER-12-2016-1003=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1003=1
-
SUSE Linux Enterprise Server 12 SP1
zypper in -t patch SUSE-SLE-SERVER-12-SP1-2016-1003=1
Package List:
-
SUSE Linux Enterprise Desktop 12 SP1 (x86_64)
- libsoftokn3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-32bit-3.21.1-46.2
- mozilla-nss-tools-debuginfo-3.21.1-46.2
- mozilla-nss-certs-debuginfo-3.21.1-46.2
- mozilla-nss-certs-3.21.1-46.2
- mozilla-nss-debugsource-3.21.1-46.2
- mozilla-nss-sysinit-32bit-3.21.1-46.2
- libfreebl3-debuginfo-3.21.1-46.2
- MozillaFirefox-debugsource-45.2.0esr-75.2
- libfreebl3-3.21.1-46.2
- mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-debuginfo-3.21.1-46.2
- MozillaFirefox-translations-45.2.0esr-75.2
- mozilla-nss-sysinit-debuginfo-3.21.1-46.2
- mozilla-nss-32bit-3.21.1-46.2
- mozilla-nspr-debuginfo-32bit-4.12-15.2
- mozilla-nss-tools-3.21.1-46.2
- MozillaFirefox-branding-SLE-45.0-28.2
- mozilla-nss-sysinit-3.21.1-46.2
- libfreebl3-debuginfo-32bit-3.21.1-46.2
- MozillaFirefox-45.2.0esr-75.2
- mozilla-nss-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2
- libsoftokn3-32bit-3.21.1-46.2
- mozilla-nss-3.21.1-46.2
- libsoftokn3-3.21.1-46.2
- libsoftokn3-debuginfo-3.21.1-46.2
- mozilla-nspr-4.12-15.2
- mozilla-nspr-32bit-4.12-15.2
- mozilla-nspr-debuginfo-4.12-15.2
- mozilla-nspr-debugsource-4.12-15.2
- MozillaFirefox-debuginfo-45.2.0esr-75.2
- libfreebl3-32bit-3.21.1-46.2
-
SUSE Linux Enterprise Desktop 12 (x86_64)
- libsoftokn3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-32bit-3.21.1-46.2
- mozilla-nss-tools-debuginfo-3.21.1-46.2
- mozilla-nss-certs-debuginfo-3.21.1-46.2
- mozilla-nss-certs-3.21.1-46.2
- mozilla-nss-debugsource-3.21.1-46.2
- mozilla-nss-sysinit-32bit-3.21.1-46.2
- libfreebl3-debuginfo-3.21.1-46.2
- MozillaFirefox-debugsource-45.2.0esr-75.2
- libfreebl3-3.21.1-46.2
- mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-debuginfo-3.21.1-46.2
- MozillaFirefox-translations-45.2.0esr-75.2
- mozilla-nss-sysinit-debuginfo-3.21.1-46.2
- mozilla-nss-32bit-3.21.1-46.2
- mozilla-nspr-debuginfo-32bit-4.12-15.2
- mozilla-nss-tools-3.21.1-46.2
- MozillaFirefox-branding-SLE-45.0-28.2
- mozilla-nss-sysinit-3.21.1-46.2
- libfreebl3-debuginfo-32bit-3.21.1-46.2
- MozillaFirefox-45.2.0esr-75.2
- mozilla-nss-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2
- libsoftokn3-32bit-3.21.1-46.2
- mozilla-nss-3.21.1-46.2
- libsoftokn3-3.21.1-46.2
- libsoftokn3-debuginfo-3.21.1-46.2
- mozilla-nspr-4.12-15.2
- mozilla-nspr-32bit-4.12-15.2
- mozilla-nspr-debuginfo-4.12-15.2
- mozilla-nspr-debugsource-4.12-15.2
- MozillaFirefox-debuginfo-45.2.0esr-75.2
- libfreebl3-32bit-3.21.1-46.2
-
SUSE Linux Enterprise Software Development Kit 12 (ppc64le s390x x86_64)
- MozillaFirefox-devel-45.2.0esr-75.2
- mozilla-nss-debuginfo-3.21.1-46.2
- mozilla-nspr-debuginfo-4.12-15.2
- mozilla-nss-debugsource-3.21.1-46.2
- mozilla-nspr-debugsource-4.12-15.2
- mozilla-nss-devel-3.21.1-46.2
- MozillaFirefox-debuginfo-45.2.0esr-75.2
- MozillaFirefox-debugsource-45.2.0esr-75.2
- mozilla-nspr-devel-4.12-15.2
-
SUSE Linux Enterprise Software Development Kit 12 SP1 (ppc64le s390x x86_64)
- MozillaFirefox-devel-45.2.0esr-75.2
- mozilla-nss-debuginfo-3.21.1-46.2
- mozilla-nspr-debuginfo-4.12-15.2
- mozilla-nss-debugsource-3.21.1-46.2
- mozilla-nspr-debugsource-4.12-15.2
- mozilla-nss-devel-3.21.1-46.2
- MozillaFirefox-debuginfo-45.2.0esr-75.2
- MozillaFirefox-debugsource-45.2.0esr-75.2
- mozilla-nspr-devel-4.12-15.2
-
SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64)
- mozilla-nss-tools-debuginfo-3.21.1-46.2
- mozilla-nss-certs-debuginfo-3.21.1-46.2
- mozilla-nss-certs-3.21.1-46.2
- mozilla-nss-debugsource-3.21.1-46.2
- libfreebl3-debuginfo-3.21.1-46.2
- libsoftokn3-hmac-3.21.1-46.2
- MozillaFirefox-debugsource-45.2.0esr-75.2
- libfreebl3-3.21.1-46.2
- mozilla-nss-debuginfo-3.21.1-46.2
- MozillaFirefox-translations-45.2.0esr-75.2
- mozilla-nss-sysinit-debuginfo-3.21.1-46.2
- mozilla-nss-tools-3.21.1-46.2
- MozillaFirefox-branding-SLE-45.0-28.2
- mozilla-nss-sysinit-3.21.1-46.2
- MozillaFirefox-45.2.0esr-75.2
- mozilla-nss-3.21.1-46.2
- libsoftokn3-3.21.1-46.2
- libsoftokn3-debuginfo-3.21.1-46.2
- mozilla-nspr-4.12-15.2
- mozilla-nspr-debuginfo-4.12-15.2
- mozilla-nspr-debugsource-4.12-15.2
- libfreebl3-hmac-3.21.1-46.2
- MozillaFirefox-debuginfo-45.2.0esr-75.2
-
SUSE Linux Enterprise Server 12 (s390x x86_64)
- libsoftokn3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-32bit-3.21.1-46.2
- mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-32bit-3.21.1-46.2
- mozilla-nspr-32bit-4.12-15.2
- mozilla-nss-sysinit-32bit-3.21.1-46.2
- libfreebl3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2
- libfreebl3-hmac-32bit-3.21.1-46.2
- libsoftokn3-32bit-3.21.1-46.2
- mozilla-nspr-debuginfo-32bit-4.12-15.2
- libsoftokn3-hmac-32bit-3.21.1-46.2
- libfreebl3-32bit-3.21.1-46.2
-
SUSE Linux Enterprise Server for SAP Applications 12 (x86_64)
- libsoftokn3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-32bit-3.21.1-46.2
- mozilla-nss-tools-debuginfo-3.21.1-46.2
- mozilla-nss-certs-debuginfo-3.21.1-46.2
- mozilla-nss-certs-3.21.1-46.2
- mozilla-nss-debugsource-3.21.1-46.2
- mozilla-nss-sysinit-32bit-3.21.1-46.2
- libfreebl3-debuginfo-3.21.1-46.2
- libsoftokn3-hmac-3.21.1-46.2
- MozillaFirefox-debugsource-45.2.0esr-75.2
- libfreebl3-3.21.1-46.2
- mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-debuginfo-3.21.1-46.2
- MozillaFirefox-translations-45.2.0esr-75.2
- mozilla-nss-sysinit-debuginfo-3.21.1-46.2
- mozilla-nss-32bit-3.21.1-46.2
- mozilla-nspr-debuginfo-32bit-4.12-15.2
- mozilla-nss-tools-3.21.1-46.2
- MozillaFirefox-branding-SLE-45.0-28.2
- mozilla-nss-sysinit-3.21.1-46.2
- libfreebl3-debuginfo-32bit-3.21.1-46.2
- MozillaFirefox-45.2.0esr-75.2
- mozilla-nss-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2
- libsoftokn3-32bit-3.21.1-46.2
- mozilla-nss-3.21.1-46.2
- libsoftokn3-hmac-32bit-3.21.1-46.2
- libsoftokn3-3.21.1-46.2
- libsoftokn3-debuginfo-3.21.1-46.2
- mozilla-nspr-4.12-15.2
- mozilla-nspr-32bit-4.12-15.2
- mozilla-nspr-debuginfo-4.12-15.2
- mozilla-nspr-debugsource-4.12-15.2
- libfreebl3-hmac-32bit-3.21.1-46.2
- libfreebl3-hmac-3.21.1-46.2
- MozillaFirefox-debuginfo-45.2.0esr-75.2
- libfreebl3-32bit-3.21.1-46.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
- mozilla-nss-tools-debuginfo-3.21.1-46.2
- mozilla-nss-certs-debuginfo-3.21.1-46.2
- mozilla-nss-certs-3.21.1-46.2
- mozilla-nss-debugsource-3.21.1-46.2
- libfreebl3-debuginfo-3.21.1-46.2
- libsoftokn3-hmac-3.21.1-46.2
- MozillaFirefox-debugsource-45.2.0esr-75.2
- libfreebl3-3.21.1-46.2
- mozilla-nss-debuginfo-3.21.1-46.2
- MozillaFirefox-translations-45.2.0esr-75.2
- mozilla-nss-sysinit-debuginfo-3.21.1-46.2
- mozilla-nss-tools-3.21.1-46.2
- MozillaFirefox-branding-SLE-45.0-28.2
- mozilla-nss-sysinit-3.21.1-46.2
- MozillaFirefox-45.2.0esr-75.2
- mozilla-nss-3.21.1-46.2
- libsoftokn3-3.21.1-46.2
- libsoftokn3-debuginfo-3.21.1-46.2
- mozilla-nspr-4.12-15.2
- mozilla-nspr-debuginfo-4.12-15.2
- mozilla-nspr-debugsource-4.12-15.2
- libfreebl3-hmac-3.21.1-46.2
- MozillaFirefox-debuginfo-45.2.0esr-75.2
-
SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
- libsoftokn3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-32bit-3.21.1-46.2
- mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-32bit-3.21.1-46.2
- mozilla-nspr-32bit-4.12-15.2
- mozilla-nss-sysinit-32bit-3.21.1-46.2
- libfreebl3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2
- libfreebl3-hmac-32bit-3.21.1-46.2
- libsoftokn3-32bit-3.21.1-46.2
- mozilla-nspr-debuginfo-32bit-4.12-15.2
- libsoftokn3-hmac-32bit-3.21.1-46.2
- libfreebl3-32bit-3.21.1-46.2
-
SUSE Linux Enterprise Server 12 SP1 (ppc64le s390x x86_64)
- mozilla-nss-tools-debuginfo-3.21.1-46.2
- mozilla-nss-certs-debuginfo-3.21.1-46.2
- mozilla-nss-certs-3.21.1-46.2
- mozilla-nss-debugsource-3.21.1-46.2
- libfreebl3-debuginfo-3.21.1-46.2
- libsoftokn3-hmac-3.21.1-46.2
- MozillaFirefox-debugsource-45.2.0esr-75.2
- libfreebl3-3.21.1-46.2
- mozilla-nss-debuginfo-3.21.1-46.2
- MozillaFirefox-translations-45.2.0esr-75.2
- mozilla-nss-sysinit-debuginfo-3.21.1-46.2
- mozilla-nss-tools-3.21.1-46.2
- MozillaFirefox-branding-SLE-45.0-28.2
- mozilla-nss-sysinit-3.21.1-46.2
- MozillaFirefox-45.2.0esr-75.2
- mozilla-nss-3.21.1-46.2
- libsoftokn3-3.21.1-46.2
- libsoftokn3-debuginfo-3.21.1-46.2
- mozilla-nspr-4.12-15.2
- mozilla-nspr-debuginfo-4.12-15.2
- mozilla-nspr-debugsource-4.12-15.2
- libfreebl3-hmac-3.21.1-46.2
- MozillaFirefox-debuginfo-45.2.0esr-75.2
-
SUSE Linux Enterprise Server 12 SP1 (s390x x86_64)
- libsoftokn3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-32bit-3.21.1-46.2
- mozilla-nss-sysinit-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-32bit-3.21.1-46.2
- mozilla-nspr-32bit-4.12-15.2
- mozilla-nss-sysinit-32bit-3.21.1-46.2
- libfreebl3-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-debuginfo-32bit-3.21.1-46.2
- mozilla-nss-certs-debuginfo-32bit-3.21.1-46.2
- libfreebl3-hmac-32bit-3.21.1-46.2
- libsoftokn3-32bit-3.21.1-46.2
- mozilla-nspr-debuginfo-32bit-4.12-15.2
- libsoftokn3-hmac-32bit-3.21.1-46.2
- libfreebl3-32bit-3.21.1-46.2
References:
- https://www.suse.com/security/cve/CVE-2016-2815.html
- https://www.suse.com/security/cve/CVE-2016-2818.html
- https://www.suse.com/security/cve/CVE-2016-2819.html
- https://www.suse.com/security/cve/CVE-2016-2821.html
- https://www.suse.com/security/cve/CVE-2016-2822.html
- https://www.suse.com/security/cve/CVE-2016-2824.html
- https://www.suse.com/security/cve/CVE-2016-2828.html
- https://www.suse.com/security/cve/CVE-2016-2831.html
- https://www.suse.com/security/cve/CVE-2016-2834.html
- https://bugzilla.suse.com/show_bug.cgi?id=982366
- https://bugzilla.suse.com/show_bug.cgi?id=983549
- https://bugzilla.suse.com/show_bug.cgi?id=983638
- https://bugzilla.suse.com/show_bug.cgi?id=983639
- https://bugzilla.suse.com/show_bug.cgi?id=983643
- https://bugzilla.suse.com/show_bug.cgi?id=983646
- https://bugzilla.suse.com/show_bug.cgi?id=983651
- https://bugzilla.suse.com/show_bug.cgi?id=983652
- https://bugzilla.suse.com/show_bug.cgi?id=983653
- https://bugzilla.suse.com/show_bug.cgi?id=983655
- https://bugzilla.suse.com/show_bug.cgi?id=984006
- https://bugzilla.suse.com/show_bug.cgi?id=984126
- https://bugzilla.suse.com/show_bug.cgi?id=985659