openSUSE Security Update : MozillaFirefox / mozilla-nss (openSUSE-2016-1334)

critical Nessus Plugin ID 95022
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update to Mozilla Firefox 50.0 fixes a number of security issues.

The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :

- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443)

- CVE-2016-5292: URL parsing causes crash (bmo#1288482)

- CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678)

- CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418)

- CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686)

- CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069))

- CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)

- CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324)

- CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552)

- CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159)

- CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071)

- CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273)

- CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976)

- CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777)

- CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003)

- CVE-2016-5289: Memory safety bugs fixed in Firefox 50

- CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

The following vulnerabilities were fixed in Mozilla NSS 3.26.1 :

- CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) Mozilla Firefox now requires mozilla-nss 3.26.2.

New features in Mozilla Firefox :

- Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R

- Added option to Find in page that allows users to limit search to whole words only

- Added download protection for a large number of executable file types on Windows, Mac and Linux

- Fixed rendering of dashed and dotted borders with rounded corners (border-radius)

- Added a built-in Emoji set for operating systems without native Emoji fonts

- Blocked versions of libavcodec older than 54.35.1

- additional locale

mozilla-nss was updated to 3.26.2, incorporating the following changes :

- the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT

- The following CA certificate was added: CN = ISRG Root X1

- NPN is disabled and ALPN is enabled by default

- MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored

Solution

Update the affected MozillaFirefox / mozilla-nss packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1009026

https://bugzilla.opensuse.org/show_bug.cgi?id=1010395

https://bugzilla.opensuse.org/show_bug.cgi?id=1010399

https://bugzilla.opensuse.org/show_bug.cgi?id=1010401

https://bugzilla.opensuse.org/show_bug.cgi?id=1010402

https://bugzilla.opensuse.org/show_bug.cgi?id=1010404

https://bugzilla.opensuse.org/show_bug.cgi?id=1010405

https://bugzilla.opensuse.org/show_bug.cgi?id=1010406

https://bugzilla.opensuse.org/show_bug.cgi?id=1010408

https://bugzilla.opensuse.org/show_bug.cgi?id=1010409

https://bugzilla.opensuse.org/show_bug.cgi?id=1010410

https://bugzilla.opensuse.org/show_bug.cgi?id=1010420

https://bugzilla.opensuse.org/show_bug.cgi?id=1010421

https://bugzilla.opensuse.org/show_bug.cgi?id=1010422

https://bugzilla.opensuse.org/show_bug.cgi?id=1010423

https://bugzilla.opensuse.org/show_bug.cgi?id=1010424

https://bugzilla.opensuse.org/show_bug.cgi?id=1010425

https://bugzilla.opensuse.org/show_bug.cgi?id=1010426

https://bugzilla.opensuse.org/show_bug.cgi?id=1010427

Plugin Details

Severity: Critical

ID: 95022

File Name: openSUSE-2016-1334.nasl

Version: 3.9

Type: local

Agent: unix

Published: 11/21/2016

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozilla-nss-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, cpe:/o:novell:opensuse:13.2, cpe:/o:novell:opensuse:42.1, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 11/18/2016

Reference Information

CVE: CVE-2016-5289, CVE-2016-5290, CVE-2016-5291, CVE-2016-5292, CVE-2016-5296, CVE-2016-5297, CVE-2016-9063, CVE-2016-9064, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9069, CVE-2016-9070, CVE-2016-9071, CVE-2016-9073, CVE-2016-9074, CVE-2016-9075, CVE-2016-9076, CVE-2016-9077