{"affected":[{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.5.1esr-63.1","MozillaFirefox-translations":"45.5.1esr-63.1","libfreebl3":"3.21.3-30.1","libfreebl3-32bit":"3.21.3-30.1","mozilla-nss":"3.21.3-30.1","mozilla-nss-32bit":"3.21.3-30.1","mozilla-nss-devel":"3.21.3-30.1","mozilla-nss-tools":"3.21.3-30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","name":"MozillaFirefox","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"45.5.1esr-63.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"MozillaFirefox":"45.5.1esr-63.1","MozillaFirefox-translations":"45.5.1esr-63.1","libfreebl3":"3.21.3-30.1","libfreebl3-32bit":"3.21.3-30.1","mozilla-nss":"3.21.3-30.1","mozilla-nss-32bit":"3.21.3-30.1","mozilla-nss-devel":"3.21.3-30.1","mozilla-nss-tools":"3.21.3-30.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 11 SP2-LTSS","name":"mozilla-nss","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP2-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.21.3-30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\nThe following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026):\n\n- CVE-2016-9079: Use-after-free in SVG Animation (bsc#1012964 MFSA 2016-92)\n- CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401)\n- CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n- CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n- CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n- CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410)\n\nThe following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n- CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n- CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n\nThe following bugs were fixed:\n\n- Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)\n- font warning messages would flood console, now using fontconfig configuration from\n  firefox-fontconfig instead of the system one (bsc#1000751)\n","id":"SUSE-SU-2016:3105-1","modified":"2016-12-13T08:18:24Z","published":"2016-12-13T08:18:24Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20163105-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000751"},{"type":"REPORT","url":"https://bugzilla.suse.com/1009026"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010395"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010401"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010402"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010404"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010410"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010422"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010427"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010517"},{"type":"REPORT","url":"https://bugzilla.suse.com/1012964"},{"type":"REPORT","url":"https://bugzilla.suse.com/992549"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5285"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5291"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5296"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5297"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9064"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9066"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9074"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9079"}],"related":["CVE-2016-5285","CVE-2016-5290","CVE-2016-5291","CVE-2016-5296","CVE-2016-5297","CVE-2016-9064","CVE-2016-9066","CVE-2016-9074","CVE-2016-9079"],"summary":"Security update for MozillaFirefox, mozilla-nss","upstream":["CVE-2016-5285","CVE-2016-5290","CVE-2016-5291","CVE-2016-5296","CVE-2016-5297","CVE-2016-9064","CVE-2016-9066","CVE-2016-9074","CVE-2016-9079"]}