Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="4633">
  <packager>wrosenauer</packager>
  <issue tracker="cve" id="2016-2804"></issue>
  <issue tracker="cve" id="2016-2806"></issue>
  <issue tracker="cve" id="2016-2807"></issue>
  <issue tracker="cve" id="2016-2808"></issue>
  <issue tracker="cve" id="2016-2809"></issue>
  <issue tracker="cve" id="2016-2810"></issue>
  <issue tracker="cve" id="2016-2811"></issue>
  <issue tracker="cve" id="2016-2812"></issue>
  <issue tracker="cve" id="2016-2813"></issue>
  <issue tracker="cve" id="2016-2814"></issue>
  <issue tracker="cve" id="2016-2816"></issue>
  <issue tracker="cve" id="2016-2817"></issue>
  <issue tracker="cve" id="2016-2820"></issue>
  <issue tracker="bmo" id="1197901"></issue>
  <issue tracker="bmo" id="1212939"></issue>
  <issue tracker="bmo" id="1223743"></issue>
  <issue tracker="bmo" id="1227462"></issue>
  <issue tracker="bmo" id="1229681"></issue>
  <issue tracker="bmo" id="1230955"></issue>
  <issue tracker="bmo" id="1246061"></issue>
  <issue tracker="bmo" id="1249572"></issue>
  <issue tracker="bmo" id="1252330"></issue>
  <issue tracker="bmo" id="1254503"></issue>
  <issue tracker="bmo" id="1254694"></issue>
  <issue tracker="bmo" id="1254721"></issue>
  <issue tracker="bmo" id="1254856"></issue>
  <issue tracker="bmo" id="1254980"></issue>
  <issue tracker="bmo" id="1255139"></issue>
  <issue tracker="bmo" id="1255605"></issue>
  <issue tracker="bmo" id="1255735"></issue>
  <issue tracker="bmo" id="1257861"></issue>
  <issue tracker="bmo" id="1258562"></issue>
  <issue tracker="bmo" id="1259482"></issue>
  <issue tracker="bmo" id="1261776"></issue>
  <issue tracker="bmo" id="2714650"></issue>
  <issue tracker="bmo" id="870870"></issue>
  <issue tracker="bnc" id="977333">VUL-0: MozillaFirefox 46 / 45.1 ESR / 38.8 ESR security release</issue>
  <issue tracker="bnc" id="977373">VUL-0: CVE-2016-2804: MozillaFirefox: Memory safety bugs fixed in Firefox 46 (MFSA 2016-39)</issue>
  <issue tracker="bnc" id="977375">VUL-0: CVE-2016-2806: MozillaFirefox: Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46 (MFSA 2016-39)</issue>
  <issue tracker="bnc" id="977376">VUL-0: CVE-2016-2807: MozillaFirefox: Memory safety bugs fixed in Firefox ESR 45.1, Firefox ESR 38.8 and Firefox 46 (MFSA 2016-39</issue>
  <issue tracker="bnc" id="977377">VUL-0: CVE-2016-2809: MozillaFirefox: Maintenance Service updater File Deletion Elevation of Privilege</issue>
  <issue tracker="bnc" id="977378">VUL-0: CVE-2016-2810: MozillaFirefox: Content providers protected with signature-level permissions can be accessed by an application (MFSA 2016-41)</issue>
  <issue tracker="bnc" id="977379">VUL-0: CVE-2016-2811, CVE-2016-2812: MozillaFirefox: Use-after-free and buffer overflow in Service Workers (MFSA 2016-42)</issue>
  <issue tracker="bnc" id="977380">VUL-0: CVE-2016-2813: MozillaFirefox: Disclosure of user actions through JavaScript with motion and orientation sensors (MFSA 2016-43)</issue>
  <issue tracker="bnc" id="977381">VUL-0: CVE-2016-2814: MozillaFirefox: Buffer overflow in libstagefright with CENC offsets (MFSA 2016-44)</issue>
  <issue tracker="bnc" id="977382">VUL-0: CVE-2016-2816: MozillaFirefox: CSP not applied to pages sent with multipart/x-mixed-replace (MFSA 2016-45)</issue>
  <issue tracker="bnc" id="977384">VUL-0: CVE-2016-2817: MozillaFirefox: Elevation of privilege with chrome.tabs.update API in web extensions (MFSA 2016-46)</issue>
  <issue tracker="bnc" id="977386">VUL-0: CVE-2016-2808: MozillaFirefox: Write to invalid HashMap entry through JavaScript.watch() (MFSA 2016-47)</issue>
  <issue tracker="bnc" id="977388">VUL-0: CVE-2016-2820: MozillaFirefox: Firefox Health Reports could accept events from untrusted domains (MFSA 2016-48)</issue>
  <issue tracker="bmo" id="1009429"></issue>
  <issue tracker="bmo" id="1215295"></issue>
  <issue tracker="bmo" id="1243641"></issue>
  <category>security</category>
  <rating>moderate</rating>
  <summary>Security update to Firefox 46.0</summary>
  <description>This update to Mozilla Firefox 46.0 fixes several security issues and bugs (boo#977333).

   The following vulnerabilities were fixed:

   - CVE-2016-2804: Miscellaneous memory safety hazards - MFSA 2016-39
     (boo#977373)
   - CVE-2016-2806: Miscellaneous memory safety hazards - MFSA 2016-39
     (boo#977375)
   - CVE-2016-2807: Miscellaneous memory safety hazards - MFSA 2016-39
     (boo#977376)
   - CVE-2016-2808: Write to invalid HashMap entry through JavaScript.watch()
     - MFSA 2016-47 (boo#977386)
   - CVE-2016-2811: Use-after-free in Service Worker - MFSA 2016-42
     (boo#977379)
   - CVE-2016-2812: Buffer overflow in Service Worker - MFSA 2016-42
     (boo#977379)
   - CVE-2016-2814: Buffer overflow in libstagefright with CENC offsets -
     MFSA 2016-44 (boo#977381)
   - CVE-2016-2816: CSP not applied to pages sent with
     multipart/x-mixed-replace - MFSA 2016-45 (boo#977382)
   - CVE-2016-2817: Elevation of privilege with chrome.tabs.update API in web
     extensions - MFSA 2016-46 (boo#977384)
   - CVE-2016-2820: Firefox Health Reports could accept events from untrusted
     domains - MFSA 2016-48 (boo#977388)

   The following miscellaneous changes are included:

   - Improved security of the JavaScript Just In Time (JIT) Compiler
   - WebRTC fixes to improve performance and stability
   - Added support for document.elementsFromPoint
   - Added HKDF support for Web Crypto API

The minimum requirements increased to NSPR 4.12 and NSS 3.22.3.

Mozilla NSS was updated to 3.22.3 as a dependency for Mozilla Firefox 46.0, with the following changes:

   - Increase compatibility of TLS extended master secret, don't send an
     empty TLS extension last in the handshake (bmo#1243641)
   - RSA-PSS signatures are now supported
   - Pseudorandom functions based on hashes other than SHA-1 are now supported
   - Enforce an External Policy on NSS from a config file
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places