Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="5981">
  <issue id="1012807" tracker="bnc">VUL-0: CVE-2016-9078: MozillaFirefox: data: URL can inherit wrong origin after an HTTP redirect</issue>
  <issue id="1012964" tracker="bnc">VUL-0: CVE-2016-9079: MozillaFirefox,MozillaThunderbird: SVG Animation Remote Code Execution (MFSA 2016-92)</issue>
  <issue id="2016-9079" tracker="cve" />
  <issue id="2016-9078" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>wrosenauer</packager>
  <description>
MozillaFirefox is updated to version 50.0.2 which fixes the following issues:

 * Firefox crashed with 3rd party Chinese IME when using IME text (fixed in
   version 50.0.1)
 * Redirection from an HTTP connection to a data: URL could inherit wrong origin
   after an HTTP redirect
   (fixed in version 50.0.1, bmo#1317641, MFSA 2016-91, boo#1012807, CVE-2016-9078)
 * Maliciously crafted SVG animations could cause remote code execution
   (fixed in version 50.0.2, bmo#1321066, MFSA 2016-92, boo##1012964, CVE-2016-9079)
</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places