Overview

File _patchinfo of Package patchinfo.3323

<patchinfo incident="3323">
  <packager>pcerny</packager>
  <issue tracker="bnc" id="1009026">VUL-0: MozillaFirefox 50 / 45.5 ESR security release</issue>
  <issue tracker="bnc" id="992549">L3: MozillaFirefox-45.2.0esr shipped with SLED 12 SP1 fails to go into fullscreen mode</issue>
  <issue tracker="cve" id="2016-5291"/>
  <issue tracker="cve" id="2016-5290"/>
  <issue tracker="cve" id="2016-5297"/>
  <issue tracker="cve" id="2016-5296"/>
  <issue tracker="cve" id="2016-9064"/>
  <issue tracker="cve" id="2016-9066"/>
  <issue tracker="cve" id="2016-9074"/>
  <issue tracker="bnc" id="1010401">VUL-0: CVE-2016-5297: MozillaFirefox: Incorrect argument length checking in JavaScript</issue>
  <issue tracker="bnc" id="1010422">VUL-0: CVE-2016-9074: mozilla-nss: Insufficient timing side-channel resistance in divSpoiler</issue>
  <issue tracker="bnc" id="1010404">VUL-0: CVE-2016-9066: MozillaFirefox: Integer overflow leading to a buffer overflow in nsScriptLoadHandler</issue>
  <issue tracker="bnc" id="1010395">VUL-0: CVE-2016-5296: MozillaFirefox: Heap-buffer-overflow WRITE in rasterize_edges_1</issue>
  <issue tracker="bnc" id="1010402">VUL-0: CVE-2016-9064: MozillaFirefox: Add-ons update must verify IDs match between current and new versions</issue>
  <issue tracker="bnc" id="1010427">VUL-0: CVE-2016-5290: MozillaFirefox: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5</issue>
  <issue tracker="bnc" id="1010410">VUL-0: CVE-2016-5291: MozillaFirefox: Same-origin policy violation using local HTML file and saved shortcut file</issue>
  <issue tracker="cve" id="2016-5285"/>
  <issue tracker="bnc" id="1010517"/>
  <category>security</category>
  <rating>important</rating>
  <summary>Security update for MozillaFirefox, mozilla-nss</summary>
  <description>This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.

The following vulnerabilities were fixed in Firefox ESR 45.5 (bsc#1009026):

- CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401)
- CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)
- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)
- CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)
- CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)
- CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410)

The following vulnerabilities were fixed in mozilla-nss 3.21.3:

- CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)
- CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)  

The following bugs were fixed:

- Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)

The Mozilla Firefox changelog was amended to document patched dropped in a previous update.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places