openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)

Severity

Theme

openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)

critical Nessus Plugin ID 95590

New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote openSUSE host is missing a security update.

Description

This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues.

The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :

- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443)

- CVE-2016-5292: URL parsing causes crash (bmo#1288482)

- CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678)

- CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418)

- CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686)

- CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069))

- CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)

- CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324)

- CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552)

- CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159)

- CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071)

- CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273)

- CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976)

- CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777)

- CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003)

- CVE-2016-5289: Memory safety bugs fixed in Firefox 50

- CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

The following vulnerabilities were fixed in Mozilla NSS 3.26.1 :

- CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334)

Mozilla Firefox now requires mozilla-nss 3.26.2.

New features in Mozilla Firefox :

- Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R

- Added option to Find in page that allows users to limit search to whole words only

- Added download protection for a large number of executable file types on Windows, Mac and Linux

- Fixed rendering of dashed and dotted borders with rounded corners (border-radius)

- Added a built-in Emoji set for operating systems without native Emoji fonts

- Blocked versions of libavcodec older than 54.35.1

- additional locale

mozilla-nss was updated to 3.26.2, incorporating the following changes :

- the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT

- The following CA certificate was added: CN = ISRG Root X1

- NPN is disabled and ALPN is enabled by default

- MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored

Solution

Update the affected Mozilla Firefox / Thunderbird and NSS packages.

Plugin Details

Severity: Critical

ID: 95590

File Name: openSUSE-2016-1407.nasl

Version: 3.11

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 12/7/2016

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozilla-nss-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/5/2016

Exploitable With

Core Impact

Metasploit (Firefox nsSMILTimeContainer::NotifyTimeChange() RCE)

Reference Information

CVE: CVE-2016-5289, CVE-2016-5290, CVE-2016-5291, CVE-2016-5292, CVE-2016-5293, CVE-2016-5294, CVE-2016-5295, CVE-2016-5296, CVE-2016-5297, CVE-2016-5298, CVE-2016-5299, CVE-2016-9061, CVE-2016-9062, CVE-2016-9063, CVE-2016-9064, CVE-2016-9065, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9069, CVE-2016-9070, CVE-2016-9071, CVE-2016-9072, CVE-2016-9073, CVE-2016-9074, CVE-2016-9075, CVE-2016-9076, CVE-2016-9077, CVE-2016-9078, CVE-2016-9079