Security update for MozillaFirefox, mozilla-nss SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3105-1 Final 1 1 2016-12-13T08:18:24Z current 2016-12-13T08:18:24Z 2016-12-13T08:18:24Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox, mozilla-nss This update for MozillaFirefox, mozilla-nss fixes security issues and bugs. The following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026): - CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92) - CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404) - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402) - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410) The following vulnerabilities were fixed in mozilla-nss 3.21.3: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422) - CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517) The following bugs were fixed: - Firefox would fail to go into fullscreen mode with some window managers (bsc#992549) - font warning messages would flood console, now using fontconfig configuration from firefox-fontconfig instead of the system one (bsc#1000751) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp2-mfs2016-90-12883 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ Link for SUSE-SU-2016:3105-1 https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html E-Mail link for SUSE-SU-2016:3105-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1000751 SUSE Bug 1000751 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010395 SUSE Bug 1010395 https://bugzilla.suse.com/1010401 SUSE Bug 1010401 https://bugzilla.suse.com/1010402 SUSE Bug 1010402 https://bugzilla.suse.com/1010404 SUSE Bug 1010404 https://bugzilla.suse.com/1010410 SUSE Bug 1010410 https://bugzilla.suse.com/1010422 SUSE Bug 1010422 https://bugzilla.suse.com/1010427 SUSE Bug 1010427 https://bugzilla.suse.com/1010517 SUSE Bug 1010517 https://bugzilla.suse.com/1012964 SUSE Bug 1012964 https://bugzilla.suse.com/992549 SUSE Bug 992549 https://www.suse.com/security/cve/CVE-2016-5285/ SUSE CVE CVE-2016-5285 page https://www.suse.com/security/cve/CVE-2016-5290/ SUSE CVE CVE-2016-5290 page https://www.suse.com/security/cve/CVE-2016-5291/ SUSE CVE CVE-2016-5291 page https://www.suse.com/security/cve/CVE-2016-5296/ SUSE CVE CVE-2016-5296 page https://www.suse.com/security/cve/CVE-2016-5297/ SUSE CVE CVE-2016-5297 page https://www.suse.com/security/cve/CVE-2016-9064/ SUSE CVE CVE-2016-9064 page https://www.suse.com/security/cve/CVE-2016-9066/ SUSE CVE CVE-2016-9066 page https://www.suse.com/security/cve/CVE-2016-9074/ SUSE CVE CVE-2016-9074 page https://www.suse.com/security/cve/CVE-2016-9079/ SUSE CVE CVE-2016-9079 page SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox-45.5.1esr-63.1 MozillaFirefox-translations-45.5.1esr-63.1 libfreebl3-3.21.3-30.1 libfreebl3-32bit-3.21.3-30.1 mozilla-nss-3.21.3-30.1 mozilla-nss-32bit-3.21.3-30.1 mozilla-nss-devel-3.21.3-30.1 mozilla-nss-tools-3.21.3-30.1 MozillaFirefox-45.5.1esr-63.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox-translations-45.5.1esr-63.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libfreebl3-3.21.3-30.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS libfreebl3-32bit-3.21.3-30.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS mozilla-nss-3.21.3-30.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS mozilla-nss-32bit-3.21.3-30.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS mozilla-nss-devel-3.21.3-30.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS mozilla-nss-tools-3.21.3-30.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. CVE-2016-5285 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-5285.html CVE-2016-5285 https://bugzilla.suse.com/1010517 SUSE Bug 1010517 Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-5290 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-5290.html CVE-2016-5290 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010427 SUSE Bug 1010427 A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-5291 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-5291.html CVE-2016-5291 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010410 SUSE Bug 1010410 A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-5296 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-5296.html CVE-2016-5296 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010395 SUSE Bug 1010395 An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-5297 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-5297.html CVE-2016-5297 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010401 SUSE Bug 1010401 Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. CVE-2016-9064 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-9064.html CVE-2016-9064 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010402 SUSE Bug 1010402 A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-9066 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-9066.html CVE-2016-9066 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010404 SUSE Bug 1010404 An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-9074 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 low 4 AV:N/AC:H/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-9074.html CVE-2016-9074 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010422 SUSE Bug 1010422 A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ESR < 45.5.1, and Thunderbird < 45.5.1. CVE-2016-9079 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.5.1esr-63.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:libfreebl3-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-32bit-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-devel-3.21.3-30.1 SUSE Linux Enterprise Server 11 SP2-LTSS:mozilla-nss-tools-3.21.3-30.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/ https://www.suse.com/security/cve/CVE-2016-9079.html CVE-2016-9079 https://bugzilla.suse.com/1012964 SUSE Bug 1012964