Security update for MozillaFirefox
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:3222-1
Final
1
1
2016-12-21T21:36:09Z
current
2016-12-21T21:36:09Z
2016-12-21T21:36:09Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for MozillaFirefox
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues:
* MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES
* MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution
* MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
* MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
* MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms
* MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments
* MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag
* MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
* MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
* MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events
Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/
for more information.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-SP1-2016-1880,SUSE-SLE-DESKTOP-12-SP2-2016-1880,SUSE-SLE-RPI-12-SP2-2016-1880,SUSE-SLE-SAP-12-2016-1880,SUSE-SLE-SDK-12-SP1-2016-1880,SUSE-SLE-SDK-12-SP2-2016-1880,SUSE-SLE-SERVER-12-2016-1880,SUSE-SLE-SERVER-12-SP1-2016-1880,SUSE-SLE-SERVER-12-SP2-2016-1880
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
Link for SUSE-SU-2016:3222-1
https://lists.suse.com/pipermail/sle-security-updates/2016-December/002511.html
E-Mail link for SUSE-SU-2016:3222-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://www.suse.com/security/cve/CVE-2016-9893/
SUSE CVE CVE-2016-9893 page
https://www.suse.com/security/cve/CVE-2016-9895/
SUSE CVE CVE-2016-9895 page
https://www.suse.com/security/cve/CVE-2016-9897/
SUSE CVE CVE-2016-9897 page
https://www.suse.com/security/cve/CVE-2016-9898/
SUSE CVE CVE-2016-9898 page
https://www.suse.com/security/cve/CVE-2016-9899/
SUSE CVE CVE-2016-9899 page
https://www.suse.com/security/cve/CVE-2016-9900/
SUSE CVE CVE-2016-9900 page
https://www.suse.com/security/cve/CVE-2016-9901/
SUSE CVE CVE-2016-9901 page
https://www.suse.com/security/cve/CVE-2016-9902/
SUSE CVE CVE-2016-9902 page
https://www.suse.com/security/cve/CVE-2016-9904/
SUSE CVE CVE-2016-9904 page
https://www.suse.com/security/cve/CVE-2016-9905/
SUSE CVE CVE-2016-9905 page
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
MozillaFirefox-45.6.0esr-96.1
MozillaFirefox-translations-45.6.0esr-96.1
MozillaFirefox-devel-45.6.0esr-96.1
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server 12 SP1
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server 12 SP1
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server 12 SP2
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server 12 SP2
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server 12-LTSS
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server 12-LTSS
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
MozillaFirefox-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
MozillaFirefox-translations-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
MozillaFirefox-devel-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
MozillaFirefox-devel-45.6.0esr-96.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-9893
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9893.html
CVE-2016-9893
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-9895
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9895.html
CVE-2016-9895
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-9897
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9897.html
CVE-2016-9897
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-9898
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9898.html
CVE-2016-9898
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-9899
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9899.html
CVE-2016-9899
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-9900
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9900.html
CVE-2016-9900
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
CVE-2016-9901
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9901.html
CVE-2016-9901
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
CVE-2016-9902
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9902.html
CVE-2016-9902
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
CVE-2016-9904
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9904.html
CVE-2016-9904
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542
A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.
CVE-2016-9905
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server 12-LTSS:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-45.6.0esr-96.1
SUSE Linux Enterprise Server for SAP Applications 12:MozillaFirefox-translations-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP1:MozillaFirefox-devel-45.6.0esr-96.1
SUSE Linux Enterprise Software Development Kit 12 SP2:MozillaFirefox-devel-45.6.0esr-96.1
moderate
6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163222-1/
https://www.suse.com/security/cve/CVE-2016-9905.html
CVE-2016-9905
https://bugzilla.suse.com/1015422
SUSE Bug 1015422
https://bugzilla.suse.com/1015527
SUSE Bug 1015527
https://bugzilla.suse.com/1015528
SUSE Bug 1015528
https://bugzilla.suse.com/1015529
SUSE Bug 1015529
https://bugzilla.suse.com/1015530
SUSE Bug 1015530
https://bugzilla.suse.com/1015531
SUSE Bug 1015531
https://bugzilla.suse.com/1015533
SUSE Bug 1015533
https://bugzilla.suse.com/1015534
SUSE Bug 1015534
https://bugzilla.suse.com/1015535
SUSE Bug 1015535
https://bugzilla.suse.com/1015536
SUSE Bug 1015536
https://bugzilla.suse.com/1015537
SUSE Bug 1015537
https://bugzilla.suse.com/1015538
SUSE Bug 1015538
https://bugzilla.suse.com/1015540
SUSE Bug 1015540
https://bugzilla.suse.com/1015541
SUSE Bug 1015541
https://bugzilla.suse.com/1015542
SUSE Bug 1015542