Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:2431-1 Final 1 1 2016-10-04T07:33:56Z current 2016-10-04T07:33:56Z 2016-10-04T07:33:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox MozillaFirefox was updated to 45.4.0 ESR to fix the following issues (bsc#999701): The following security issue were fixed: * MFSA 2016-86/CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString * MFSA 2016-86/CVE-2016-5272: Bad cast in nsImageGeometryMixin * MFSA 2016-86/CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList * MFSA 2016-86/CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState * MFSA 2016-86/CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick * MFSA 2016-86/CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame * MFSA 2016-86/CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap * MFSA 2016-86/CVE-2016-5281: use-after-free in DOMSVGLength * MFSA 2016-86/CVE-2016-5284: Add-on update site certificate pin expiration * MFSA 2016-86/CVE-2016-5250: Resource Timing API is storing resources sent by the previous page * MFSA 2016-86/CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel * MFSA 2016-86/CVE-2016-5257: Various memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4 The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). slessp2-MozillaFirefox-12771 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ Link for SUSE-SU-2016:2431-1 https://lists.suse.com/pipermail/sle-security-updates/2016-October/002304.html E-Mail link for SUSE-SU-2016:2431-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/999701 SUSE Bug 999701 https://www.suse.com/security/cve/CVE-2016-5250/ SUSE CVE CVE-2016-5250 page https://www.suse.com/security/cve/CVE-2016-5257/ SUSE CVE CVE-2016-5257 page https://www.suse.com/security/cve/CVE-2016-5261/ SUSE CVE CVE-2016-5261 page https://www.suse.com/security/cve/CVE-2016-5270/ SUSE CVE CVE-2016-5270 page https://www.suse.com/security/cve/CVE-2016-5272/ SUSE CVE CVE-2016-5272 page https://www.suse.com/security/cve/CVE-2016-5274/ SUSE CVE CVE-2016-5274 page https://www.suse.com/security/cve/CVE-2016-5276/ SUSE CVE CVE-2016-5276 page https://www.suse.com/security/cve/CVE-2016-5277/ SUSE CVE CVE-2016-5277 page https://www.suse.com/security/cve/CVE-2016-5278/ SUSE CVE CVE-2016-5278 page https://www.suse.com/security/cve/CVE-2016-5280/ SUSE CVE CVE-2016-5280 page https://www.suse.com/security/cve/CVE-2016-5281/ SUSE CVE CVE-2016-5281 page https://www.suse.com/security/cve/CVE-2016-5284/ SUSE CVE CVE-2016-5284 page SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox-45.4.0esr-52.1 MozillaFirefox-translations-45.4.0esr-52.1 MozillaFirefox-45.4.0esr-52.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS MozillaFirefox-translations-45.4.0esr-52.1 as a component of SUSE Linux Enterprise Server 11 SP2-LTSS Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. CVE-2016-5250 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5250.html CVE-2016-5250 https://bugzilla.suse.com/991809 SUSE Bug 991809 https://bugzilla.suse.com/999701 SUSE Bug 999701 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2016-5257 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5257.html CVE-2016-5257 https://bugzilla.suse.com/999701 SUSE Bug 999701 Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering. CVE-2016-5261 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5261.html CVE-2016-5261 https://bugzilla.suse.com/991809 SUSE Bug 991809 https://bugzilla.suse.com/999701 SUSE Bug 999701 Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion. CVE-2016-5270 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5270.html CVE-2016-5270 https://bugzilla.suse.com/999701 SUSE Bug 999701 The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site. CVE-2016-5272 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5272.html CVE-2016-5272 https://bugzilla.suse.com/999701 SUSE Bug 999701 Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation. CVE-2016-5274 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5274.html CVE-2016-5274 https://bugzilla.suse.com/999701 SUSE Bug 999701 Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute. CVE-2016-5276 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5276.html CVE-2016-5276 https://bugzilla.suse.com/999701 SUSE Bug 999701 Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation. CVE-2016-5277 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5277.html CVE-2016-5277 https://bugzilla.suse.com/999701 SUSE Bug 999701 Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image. CVE-2016-5278 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5278.html CVE-2016-5278 https://bugzilla.suse.com/999701 SUSE Bug 999701 Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text. CVE-2016-5280 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5280.html CVE-2016-5280 https://bugzilla.suse.com/999701 SUSE Bug 999701 Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document. CVE-2016-5281 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5281.html CVE-2016-5281 https://bugzilla.suse.com/999701 SUSE Bug 999701 Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority. CVE-2016-5284 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-45.4.0esr-52.1 SUSE Linux Enterprise Server 11 SP2-LTSS:MozillaFirefox-translations-45.4.0esr-52.1 important 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20162431-1/ https://www.suse.com/security/cve/CVE-2016-5284.html CVE-2016-5284 https://bugzilla.suse.com/999701 SUSE Bug 999701