Security update for Mozilla Firefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:0553-1 Final 1 1 2016-02-24T08:01:57Z current 2016-02-24T08:01:57Z 2016-02-24T08:01:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Mozilla Firefox This update for MozillaFirefox fixes the following issues: - update to Firefox 44.0.2 * MFSA 2016-13/CVE-2016-1949 (bmo#1245724, boo#966438) Same-origin-policy violation using Service Workers with plugins * Fix issue which could lead to the removal of stored passwords under certain circumstances (bmo#1242176) * Allows spaces in cookie names (bmo#1244505) * Disable opus/vorbis audio with H.264 (bmo#1245696) * Fix for graphics startup crash (GNU/Linux) (bmo#1222171) * Fix a crash in cache networking (bmo#1244076) * Fix using WebSockets in service worker controlled pages (bmo#1243942) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20160553-1/ Link for SUSE-SU-2016:0553-1 E-Mail link for SUSE-SU-2016:0553-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings MozillaFirefox-44.0.2-106.1 MozillaFirefox-branding-upstream-44.0.2-106.1 MozillaFirefox-buildsymbols-44.0.2-106.1 MozillaFirefox-devel-44.0.2-106.1 MozillaFirefox-translations-common-44.0.2-106.1 MozillaFirefox-translations-other-44.0.2-106.1 Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that triggers spoofed responses to requests that use NPAPI, as demonstrated by a request for a crossdomain.xml file. CVE-2016-1949 moderate Please Install the update. https://www.suse.com/support/update/announcement/2016/suse-su-20160553-1/ https://www.suse.com/security/cve/CVE-2016-1949.html CVE-2016-1949 https://bugzilla.suse.com/966438 SUSE Bug 966438 https://bugzilla.suse.com/967087 SUSE Bug 967087