Security update for Firefox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:0733-1 Final 1 1 2016-03-12T08:35:47Z current 2016-03-12T08:35:47Z 2016-03-12T08:35:47Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Firefox This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues: MozillaFirefox was updated to Firefox 45.0 (boo#969894) * requires NSPR 4.12 / NSS 3.21.1 * Instant browser tab sharing through Hello * Synced Tabs button in button bar * Tabs synced via Firefox Accounts from other devices are now shown in dropdown area of Awesome Bar when searching * Introduce a new preference (network.dns.blockDotOnion) to allow blocking .onion at the DNS level * Tab Groups (Panorama) feature removed * MFSA 2016-16/CVE-2016-1952/CVE-2016-1953 Miscellaneous memory safety hazards * MFSA 2016-17/CVE-2016-1954 (bmo#1243178) Local file overwriting and potential privilege escalation through CSP reports * MFSA 2016-18/CVE-2016-1955 (bmo#1208946) CSP reports fail to strip location information for embedded iframe pages * MFSA 2016-19/CVE-2016-1956 (bmo#1199923) Linux video memory DOS with Intel drivers * MFSA 2016-20/CVE-2016-1957 (bmo#1227052) Memory leak in libstagefright when deleting an array during MP4 processing * MFSA 2016-21/CVE-2016-1958 (bmo#1228754) Displayed page address can be overridden * MFSA 2016-22/CVE-2016-1959 (bmo#1234949) Service Worker Manager out-of-bounds read in Service Worker Manager * MFSA 2016-23/CVE-2016-1960/ZDI-CAN-3545 (bmo#1246014) Use-after-free in HTML5 string parser * MFSA 2016-24/CVE-2016-1961/ZDI-CAN-3574 (bmo#1249377) Use-after-free in SetBody * MFSA 2016-25/CVE-2016-1962 (bmo#1240760) Use-after-free when using multiple WebRTC data channels * MFSA 2016-26/CVE-2016-1963 (bmo#1238440) Memory corruption when modifying a file being read by FileReader * MFSA 2016-27/CVE-2016-1964 (bmo#1243335) Use-after-free during XML transformations * MFSA 2016-28/CVE-2016-1965 (bmo#1245264) Addressbar spoofing though history navigation and Location protocol property * MFSA 2016-29/CVE-2016-1967 (bmo#1246956) Same-origin policy violation using perfomance.getEntries and history navigation with session restore * MFSA 2016-30/CVE-2016-1968 (bmo#1246742) Buffer overflow in Brotli decompression * MFSA 2016-31/CVE-2016-1966 (bmo#1246054) Memory corruption with malicious NPAPI plugin * MFSA 2016-32/CVE-2016-1970/CVE-2016-1971/CVE-2016-1975/ CVE-2016-1976/CVE-2016-1972 WebRTC and LibVPX vulnerabilities found through code inspection * MFSA 2016-33/CVE-2016-1973 (bmo#1219339) Use-after-free in GetStaticInstance in WebRTC * MFSA 2016-34/CVE-2016-1974 (bmo#1228103) Out-of-bounds read in HTML parser following a failed allocation * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) * MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/ CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/ CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/ CVE-2016-2800/CVE-2016-2801/CVE-2016-2802 Font vulnerabilities in the Graphite 2 library mozilla-nspr was updated to version 4.12 * added a PR_GetEnvSecure function, which attempts to detect if the program is being executed with elevated privileges, and returns NULL if detected. It is recommended to use this function in general purpose library code. * fixed a memory allocation bug related to the PR_*printf functions * exported API PR_DuplicateEnvironment, which had already been added in NSPR 4.10.9 * added support for FreeBSD aarch64 * several minor correctness and compatibility fixes mozilla-nss was updated to NSS 3.21.1 (bmo#969894) * required for Firefox 45.0 * MFSA 2016-35/CVE-2016-1950 (bmo#1245528) Buffer overflow during ASN.1 decoding in NSS (fixed by requiring 3.21.1) * MFSA 2016-36/CVE-2016-1979 (bmo#1185033) Use-after-free during processing of DER encoded keys in NSS (fixed by requiring 3.21.1) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html E-Mail link for openSUSE-SU-2016:0733-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings MozillaFirefox-45.0-109.1 MozillaFirefox-branding-upstream-45.0-109.1 MozillaFirefox-buildsymbols-45.0-109.1 MozillaFirefox-devel-45.0-109.1 MozillaFirefox-translations-common-45.0-109.1 MozillaFirefox-translations-other-45.0-109.1 libfreebl3-3.21.1-74.1 libfreebl3-32bit-3.21.1-74.1 libsoftokn3-3.21.1-74.1 libsoftokn3-32bit-3.21.1-74.1 mozilla-nspr-4.12-34.1 mozilla-nspr-32bit-4.12-34.1 mozilla-nspr-devel-4.12-34.1 mozilla-nss-3.21.1-74.1 mozilla-nss-32bit-3.21.1-74.1 mozilla-nss-certs-3.21.1-74.1 mozilla-nss-certs-32bit-3.21.1-74.1 mozilla-nss-devel-3.21.1-74.1 mozilla-nss-sysinit-3.21.1-74.1 mozilla-nss-sysinit-32bit-3.21.1-74.1 mozilla-nss-tools-3.21.1-74.1 Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. CVE-2016-1950 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1950.html CVE-2016-1950 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. CVE-2016-1952 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1952.html CVE-2016-1952 https://bugzilla.suse.com/969894 SUSE Bug 969894 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors. CVE-2016-1953 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1953.html CVE-2016-1953 https://bugzilla.suse.com/969894 SUSE Bug 969894 The nsCSPContext::SendReports function in dom/security/nsCSPContext.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not prevent use of a non-HTTP report-uri for a Content Security Policy (CSP) violation report, which allows remote attackers to cause a denial of service (data overwrite) or possibly gain privileges by specifying a URL of a local file. CVE-2016-1954 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1954.html CVE-2016-1954 https://bugzilla.suse.com/969894 SUSE Bug 969894 Mozilla Firefox before 45.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by reading a Content Security Policy (CSP) violation report that contains path information associated with an IFRAME element. CVE-2016-1955 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1955.html CVE-2016-1955 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader. CVE-2016-1956 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1956.html CVE-2016-1956 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array. CVE-2016-1957 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1957.html CVE-2016-1957 https://bugzilla.suse.com/969894 SUSE Bug 969894 browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL. CVE-2016-1958 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1958.html CVE-2016-1958 https://bugzilla.suse.com/969894 SUSE Bug 969894 The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API. CVE-2016-1959 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1959.html CVE-2016-1959 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545. CVE-2016-1960 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1960.html CVE-2016-1960 https://bugzilla.suse.com/969894 SUSE Bug 969894 Use-after-free vulnerability in the nsHTMLDocument::SetBody function in dom/html/nsHTMLDocument.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of a root element, aka ZDI-CAN-3574. CVE-2016-1961 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1961.html CVE-2016-1961 https://bugzilla.suse.com/969894 SUSE Bug 969894 Use-after-free vulnerability in the mozilla::DataChannelConnection::Close function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code by leveraging mishandling of WebRTC data-channel connections. CVE-2016-1962 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1962.html CVE-2016-1962 https://bugzilla.suse.com/969894 SUSE Bug 969894 The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation. CVE-2016-1963 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1963.html CVE-2016-1963 https://bugzilla.suse.com/969894 SUSE Bug 969894 Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations. CVE-2016-1964 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1964.html CVE-2016-1964 https://bugzilla.suse.com/969894 SUSE Bug 969894 Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property. CVE-2016-1965 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1965.html CVE-2016-1965 https://bugzilla.suse.com/969894 SUSE Bug 969894 The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin. CVE-2016-1966 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1966.html CVE-2016-1966 https://bugzilla.suse.com/969894 SUSE Bug 969894 Mozilla Firefox before 45.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that leverages history.back and performance.getEntries calls after restoring a browser session. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-7207. CVE-2016-1967 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1967.html CVE-2016-1967 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted data with brotli compression. CVE-2016-1968 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1968.html CVE-2016-1968 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2016-1970 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1970.html CVE-2016-1970 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 The I420VideoFrame::CreateFrame function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows omits an unspecified status check, which might allow remote attackers to cause a denial of service (memory corruption) or possibly have other impact via unknown vectors. CVE-2016-1971 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1971.html CVE-2016-1971 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Race condition in libvpx in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. CVE-2016-1972 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1972.html CVE-2016-1972 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Race condition in the GetStaticInstance function in the WebRTC implementation in Mozilla Firefox before 45.0 might allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via unspecified vectors. CVE-2016-1973 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1973.html CVE-2016-1973 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 The nsScannerString::AppendUnicodeTo function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 does not verify that memory allocation succeeds, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via crafted Unicode data in an HTML, XML, or SVG document. CVE-2016-1974 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1974.html CVE-2016-1974 https://bugzilla.suse.com/969894 SUSE Bug 969894 Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. CVE-2016-1975 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1975.html CVE-2016-1975 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. CVE-2016-1976 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1976.html CVE-2016-1976 https://bugzilla.suse.com/969894 SUSE Bug 969894 https://bugzilla.suse.com/970257 SUSE Bug 970257 https://bugzilla.suse.com/970377 SUSE Bug 970377 https://bugzilla.suse.com/970378 SUSE Bug 970378 https://bugzilla.suse.com/970379 SUSE Bug 970379 https://bugzilla.suse.com/970380 SUSE Bug 970380 https://bugzilla.suse.com/970381 SUSE Bug 970381 https://bugzilla.suse.com/970431 SUSE Bug 970431 https://bugzilla.suse.com/970433 SUSE Bug 970433 The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font. CVE-2016-1977 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1977.html CVE-2016-1977 https://bugzilla.suse.com/969894 SUSE Bug 969894 Use-after-free vulnerability in the PK11_ImportDERPrivateKeyInfoAndReturnKey function in Mozilla Network Security Services (NSS) before 3.21.1, as used in Mozilla Firefox before 45.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted key data with DER encoding. CVE-2016-1979 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-1979.html CVE-2016-1979 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. CVE-2016-2790 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2790.html CVE-2016-2790 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. CVE-2016-2791 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2791.html CVE-2016-2791 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800. CVE-2016-2792 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2792.html CVE-2016-2792 https://bugzilla.suse.com/969894 SUSE Bug 969894 CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. CVE-2016-2793 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2793.html CVE-2016-2793 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. CVE-2016-2794 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2794.html CVE-2016-2794 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font. CVE-2016-2795 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2795.html CVE-2016-2795 https://bugzilla.suse.com/969894 SUSE Bug 969894 Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. CVE-2016-2796 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2796.html CVE-2016-2796 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801. CVE-2016-2797 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2797.html CVE-2016-2797 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. CVE-2016-2798 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2798.html CVE-2016-2798 https://bugzilla.suse.com/969894 SUSE Bug 969894 Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font. CVE-2016-2799 critical Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2799.html CVE-2016-2799 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2792. CVE-2016-2800 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2800.html CVE-2016-2800 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797. CVE-2016-2801 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2801.html CVE-2016-2801 https://bugzilla.suse.com/969894 SUSE Bug 969894 The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font. CVE-2016-2802 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html https://www.suse.com/security/cve/CVE-2016-2802.html CVE-2016-2802 https://bugzilla.suse.com/969894 SUSE Bug 969894