openSUSE Security Update : MozillaFirefox (openSUSE-2016-1490)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to MozillaFirefox 50.1.0 fixes the following
vulnerabilities :

- CVE-2016-9894: Buffer overflow in SkiaGL

- CVE-2016-9899: Use-after-free while manipulating DOM
events and audio elements

- CVE-2016-9895: CSP bypass using marquee tag

- CVE-2016-9896: Use-after-free with WebVR

- CVE-2016-9897: Memory corruption in libGLES

- CVE-2016-9898: Use-after-free in Editor while
manipulating DOM subtrees

- CVE-2016-9900: Restricted external resources can be
loaded by SVG images through data URLs

- CVE-2016-9904: Cross-origin information leak in shared
atoms

- CVE-2016-9901: Data from Pocket server improperly
sanitized before execution

- CVE-2016-9902: Pocket extension does not validate the
origin of events

- CVE-2016-9903: XSS injection vulnerability in add-ons
SDK

- CVE-2016-9080: Memory safety bugs fixed in Firefox 50.1

- CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1
and Firefox ESR 45.6

The following bugs were fixed :

- boo#1011922: fix crash after a few seconds of usage on
AArch64

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1011922
https://bugzilla.opensuse.org/show_bug.cgi?id=1015422

Solution :

Update the affected MozillaFirefox packages.

Risk factor :

High
