Security update for MozillaFirefox
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:2434-1
Final
1
1
2016-10-04T07:31:16Z
current
2016-10-04T07:31:16Z
2016-10-04T07:31:16Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for MozillaFirefox
MozillaFirefox was updated to version 45.4.0 ESR to fix the following issues:
Security issues fixed: (bsc#999701 MFSA 2016-86):
* CVE-2016-5270: Heap-buffer-overflow in nsCaseTransformTextRunFactory::TransformString
* CVE-2016-5272: Bad cast in nsImageGeometryMixin
* CVE-2016-5276: Heap-use-after-free in mozilla::a11y::DocAccessible::ProcessInvalidationList
* CVE-2016-5274: use-after-free in nsFrameManager::CaptureFrameState
* CVE-2016-5277: Heap-use-after-free in nsRefreshDriver::Tick
* CVE-2016-5278: Heap-buffer-overflow in nsBMPEncoder::AddImageFrame
* CVE-2016-5280: Use-after-free in mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap
* CVE-2016-5281: use-after-free in DOMSVGLength
* CVE-2016-5284: Add-on update site certificate pin expiration
* CVE-2016-5250: Resource Timing API is storing resources sent by the previous page
* CVE-2016-5261: Integer overflow and memory corruption in WebSocketChannel
* CVE-2016-5257: Memory safety bugs fixed in Firefox 49 and Firefox ESR 45.4
Bug fixed:
- Fix for aarch64 Firefox startup crash (bsc#991344)
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-SP1-2016-1421,SUSE-SLE-SAP-12-2016-1421,SUSE-SLE-SDK-12-SP1-2016-1421,SUSE-SLE-SERVER-12-2016-1421,SUSE-SLE-SERVER-12-SP1-2016-1421
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
Link for SUSE-SU-2016:2434-1
https://lists.suse.com/pipermail/sle-security-updates/2016-October/002305.html
E-Mail link for SUSE-SU-2016:2434-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/991344
SUSE Bug 991344
https://bugzilla.suse.com/999701
SUSE Bug 999701
https://www.suse.com/security/cve/CVE-2016-5250/
SUSE CVE CVE-2016-5250 page
https://www.suse.com/security/cve/CVE-2016-5257/
SUSE CVE CVE-2016-5257 page
https://www.suse.com/security/cve/CVE-2016-5261/
SUSE CVE CVE-2016-5261 page
https://www.suse.com/security/cve/CVE-2016-5270/
SUSE CVE CVE-2016-5270 page
https://www.suse.com/security/cve/CVE-2016-5272/
SUSE CVE CVE-2016-5272 page
https://www.suse.com/security/cve/CVE-2016-5274/
SUSE CVE CVE-2016-5274 page
https://www.suse.com/security/cve/CVE-2016-5276/
SUSE CVE CVE-2016-5276 page
https://www.suse.com/security/cve/CVE-2016-5277/
SUSE CVE CVE-2016-5277 page
https://www.suse.com/security/cve/CVE-2016-5278/
SUSE CVE CVE-2016-5278 page
https://www.suse.com/security/cve/CVE-2016-5280/
SUSE CVE CVE-2016-5280 page
https://www.suse.com/security/cve/CVE-2016-5281/
SUSE CVE CVE-2016-5281 page
https://www.suse.com/security/cve/CVE-2016-5284/
SUSE CVE CVE-2016-5284 page
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
MozillaFirefox-45.4.0esr-81.1
MozillaFirefox-translations-45.4.0esr-81.1
MozillaFirefox-devel-45.4.0esr-81.1
MozillaFirefox-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
MozillaFirefox-translations-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
MozillaFirefox-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Server 12 SP1
MozillaFirefox-translations-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Server 12 SP1
MozillaFirefox-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Server 12-LTSS
MozillaFirefox-translations-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Server 12-LTSS
MozillaFirefox-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
MozillaFirefox-translations-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
MozillaFirefox-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
MozillaFirefox-translations-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
MozillaFirefox-devel-45.4.0esr-81.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls.
CVE-2016-5250
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
moderate
2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5250.html
CVE-2016-5250
https://bugzilla.suse.com/991809
SUSE Bug 991809
https://bugzilla.suse.com/999701
SUSE Bug 999701
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4 and Thunderbird < 45.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-5257
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5257.html
CVE-2016-5257
https://bugzilla.suse.com/999701
SUSE Bug 999701
Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before 48.0 and Firefox ESR < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets that trigger incorrect buffer-resize operations during buffering.
CVE-2016-5261
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5261.html
CVE-2016-5261
https://bugzilla.suse.com/991809
SUSE Bug 991809
https://bugzilla.suse.com/999701
SUSE Bug 999701
Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to cause a denial of service (boolean out-of-bounds write) or possibly have unspecified other impact via Unicode characters that are mishandled during text conversion.
CVE-2016-5270
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5270.html
CVE-2016-5270
https://bugzilla.suse.com/999701
SUSE Bug 999701
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2016-5272
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5272.html
CVE-2016-5272
https://bugzilla.suse.com/999701
SUSE Bug 999701
Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between restyling and the Web Animations model implementation.
CVE-2016-5274
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5274.html
CVE-2016-5274
https://bugzilla.suse.com/999701
SUSE Bug 999701
Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute.
CVE-2016-5276
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5276.html
CVE-2016-5276
https://bugzilla.suse.com/999701
SUSE Bug 999701
Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging improper interaction between timeline destruction and the Web Animations model implementation.
CVE-2016-5277
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5277.html
CVE-2016-5277
https://bugzilla.suse.com/999701
SUSE Bug 999701
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
CVE-2016-5278
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5278.html
CVE-2016-5278
https://bugzilla.suse.com/999701
SUSE Bug 999701
Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via bidirectional text.
CVE-2016-5280
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5280.html
CVE-2016-5280
https://bugzilla.suse.com/999701
SUSE Bug 999701
Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code by leveraging improper interaction between JavaScript code and an SVG document.
CVE-2016-5281
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5281.html
CVE-2016-5281
https://bugzilla.suse.com/999701
SUSE Bug 999701
Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended expiration dates for Preloaded Public Key Pinning, which allows man-in-the-middle attackers to spoof add-on updates by leveraging possession of an X.509 server certificate for addons.mozilla.org signed by an arbitrary built-in Certification Authority.
CVE-2016-5284
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.4.0esr-81.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.4.0esr-81.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.4.0esr-81.1
important
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20162434-1/
https://www.suse.com/security/cve/CVE-2016-5284.html
CVE-2016-5284
https://bugzilla.suse.com/999701
SUSE Bug 999701