openSUSE Security Update : Firefox (openSUSE-2016-566) (SWEET32)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to Mozilla Firefox 46.0 fixes several security issues and
bugs (boo#977333).

The following vulnerabilities were fixed :

- CVE-2016-2804: Miscellaneous memory safety hazards -
MFSA 2016-39 (boo#977373)

- CVE-2016-2806: Miscellaneous memory safety hazards -
MFSA 2016-39 (boo#977375)

- CVE-2016-2807: Miscellaneous memory safety hazards -
MFSA 2016-39 (boo#977376)

- CVE-2016-2808: Write to invalid HashMap entry through
JavaScript.watch() - MFSA 2016-47 (boo#977386)

- CVE-2016-2811: Use-after-free in Service Worker - MFSA
2016-42 (boo#977379)

- CVE-2016-2812: Buffer overflow in Service Worker - MFSA
2016-42 (boo#977379)

- CVE-2016-2814: Buffer overflow in libstagefright with
CENC offsets - MFSA 2016-44 (boo#977381)

- CVE-2016-2816: CSP not applied to pages sent with
multipart/x-mixed-replace - MFSA 2016-45 (boo#977382)

- CVE-2016-2817: Elevation of privilege with
chrome.tabs.update API in web extensions - MFSA 2016-46
(boo#977384)

- CVE-2016-2820: Firefox Health Reports could accept
events from untrusted domains - MFSA 2016-48
(boo#977388)

The following miscellaneous changes are included :

- Improved security of the JavaScript Just In Time (JIT)
Compiler

- WebRTC fixes to improve performance and stability

- Added support for document.elementsFromPoint

- Added HKDF support for Web Crypto API

The minimum requirements increased to NSPR 4.12 and NSS 3.22.3.

Mozilla NSS was updated to 3.22.3 as a dependency for Mozilla Firefox
46.0, with the following changes :

- Increase compatibility of TLS extended master secret,
don't send an empty TLS extension last in the handshake
(bmo#1243641)

- RSA-PSS signatures are now supported

- Pseudorandom functions based on hashes other than SHA-1
are now supported

- Enforce an External Policy on NSS from a config file

See also :

https://bugzilla.mozilla.org/show_bug.cgi?id=1009429
https://bugzilla.mozilla.org/show_bug.cgi?id=1197901
https://bugzilla.mozilla.org/show_bug.cgi?id=1212939
https://bugzilla.mozilla.org/show_bug.cgi?id=1215295
https://bugzilla.mozilla.org/show_bug.cgi?id=1223743
https://bugzilla.mozilla.org/show_bug.cgi?id=1227462
https://bugzilla.mozilla.org/show_bug.cgi?id=1229681
https://bugzilla.mozilla.org/show_bug.cgi?id=1230955
https://bugzilla.mozilla.org/show_bug.cgi?id=1243641
https://bugzilla.mozilla.org/show_bug.cgi?id=1246061
https://bugzilla.mozilla.org/show_bug.cgi?id=1249572
https://bugzilla.mozilla.org/show_bug.cgi?id=1252330
https://bugzilla.mozilla.org/show_bug.cgi?id=1254503
https://bugzilla.mozilla.org/show_bug.cgi?id=1254694
https://bugzilla.mozilla.org/show_bug.cgi?id=1254721
https://bugzilla.mozilla.org/show_bug.cgi?id=1254856
https://bugzilla.mozilla.org/show_bug.cgi?id=1254980
https://bugzilla.mozilla.org/show_bug.cgi?id=1255139
https://bugzilla.mozilla.org/show_bug.cgi?id=1255605
https://bugzilla.mozilla.org/show_bug.cgi?id=1255735
https://bugzilla.mozilla.org/show_bug.cgi?id=1257861
https://bugzilla.mozilla.org/show_bug.cgi?id=1258562
https://bugzilla.mozilla.org/show_bug.cgi?id=1259482
https://bugzilla.mozilla.org/show_bug.cgi?id=1261776
https://bugzilla.mozilla.org/show_bug.cgi?id=2714650
https://bugzilla.mozilla.org/show_bug.cgi?id=870870
https://bugzilla.opensuse.org/show_bug.cgi?id=977333
https://bugzilla.opensuse.org/show_bug.cgi?id=977373
https://bugzilla.opensuse.org/show_bug.cgi?id=977375
https://bugzilla.opensuse.org/show_bug.cgi?id=977376
https://bugzilla.opensuse.org/show_bug.cgi?id=977377
https://bugzilla.opensuse.org/show_bug.cgi?id=977378
https://bugzilla.opensuse.org/show_bug.cgi?id=977379
https://bugzilla.opensuse.org/show_bug.cgi?id=977380
https://bugzilla.opensuse.org/show_bug.cgi?id=977381
https://bugzilla.opensuse.org/show_bug.cgi?id=977382
https://bugzilla.opensuse.org/show_bug.cgi?id=977384
https://bugzilla.opensuse.org/show_bug.cgi?id=977386
https://bugzilla.opensuse.org/show_bug.cgi?id=977388

Solution :

Update the affected Firefox packages.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
