openSUSE Security Update : Mozilla Firefox / Thunderbird and NSS (openSUSE-2016-1407)

high Nessus Plugin ID 95590

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 6.7

Synopsis

The remote openSUSE host is missing a security update.

Description

This update to Mozilla Firefox 50.0.2, Thunderbird 45.5.1 and NSS 3.16.2 fixes a number of security issues.

The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89) :

- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443)

- CVE-2016-5292: URL parsing causes crash (bmo#1288482)

- CVE-2016-5297: Incorrect argument length checking in JavaScript (bmo#1303678)

- CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418)

- CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686)

- CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069))

- CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973)

- CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324)

- CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552)

- CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159)

- CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071)

- CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273)

- CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976)

- CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777)

- CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003)

- CVE-2016-5289: Memory safety bugs fixed in Firefox 50

- CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5

The following vulnerabilities were fixed in Mozilla NSS 3.26.1 :

- CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334)

Mozilla Firefox now requires mozilla-nss 3.26.2.

New features in Mozilla Firefox :

- Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R

- Added option to Find in page that allows users to limit search to whole words only

- Added download protection for a large number of executable file types on Windows, Mac and Linux

- Fixed rendering of dashed and dotted borders with rounded corners (border-radius)

- Added a built-in Emoji set for operating systems without native Emoji fonts

- Blocked versions of libavcodec older than 54.35.1

- additional locale

mozilla-nss was updated to 3.26.2, incorporating the following changes :

- the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT

- The following CA certificate was added: CN = ISRG Root X1

- NPN is disabled and ALPN is enabled by default

- MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored

Solution

Update the affected Mozilla Firefox / Thunderbird and NSS packages.

Plugin Details

Severity: High

ID: 95590

File Name: openSUSE-2016-1407.nasl

Version: 3.11

Type: local

Agent: unix

Family: SuSE Local Security Checks

Published: 12/7/2016

Updated: 1/19/2021

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:H/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 9.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:MozillaFirefox, p-cpe:/a:novell:opensuse:MozillaFirefox-branding-upstream, p-cpe:/a:novell:opensuse:MozillaFirefox-buildsymbols, p-cpe:/a:novell:opensuse:MozillaFirefox-debuginfo, p-cpe:/a:novell:opensuse:MozillaFirefox-debugsource, p-cpe:/a:novell:opensuse:MozillaFirefox-devel, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-common, p-cpe:/a:novell:opensuse:MozillaFirefox-translations-other, p-cpe:/a:novell:opensuse:MozillaThunderbird, p-cpe:/a:novell:opensuse:MozillaThunderbird-buildsymbols, p-cpe:/a:novell:opensuse:MozillaThunderbird-debuginfo, p-cpe:/a:novell:opensuse:MozillaThunderbird-debugsource, p-cpe:/a:novell:opensuse:MozillaThunderbird-devel, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-common, p-cpe:/a:novell:opensuse:MozillaThunderbird-translations-other, p-cpe:/a:novell:opensuse:libfreebl3, p-cpe:/a:novell:opensuse:libfreebl3-32bit, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo, p-cpe:/a:novell:opensuse:libfreebl3-debuginfo-32bit, p-cpe:/a:novell:opensuse:libsoftokn3, p-cpe:/a:novell:opensuse:libsoftokn3-32bit, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo, p-cpe:/a:novell:opensuse:libsoftokn3-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss, p-cpe:/a:novell:opensuse:mozilla-nss-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs, p-cpe:/a:novell:opensuse:mozilla-nss-certs-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-certs-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-debugsource, p-cpe:/a:novell:opensuse:mozilla-nss-devel, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo, p-cpe:/a:novell:opensuse:mozilla-nss-sysinit-debuginfo-32bit, p-cpe:/a:novell:opensuse:mozilla-nss-tools, p-cpe:/a:novell:opensuse:mozilla-nss-tools-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/5/2016

Exploitable With

Core Impact

Metasploit (Firefox nsSMILTimeContainer::NotifyTimeChange() RCE)

Reference Information

CVE: CVE-2016-5289, CVE-2016-5290, CVE-2016-5291, CVE-2016-5292, CVE-2016-5293, CVE-2016-5294, CVE-2016-5295, CVE-2016-5296, CVE-2016-5297, CVE-2016-5298, CVE-2016-5299, CVE-2016-9061, CVE-2016-9062, CVE-2016-9063, CVE-2016-9064, CVE-2016-9065, CVE-2016-9066, CVE-2016-9067, CVE-2016-9068, CVE-2016-9069, CVE-2016-9070, CVE-2016-9071, CVE-2016-9072, CVE-2016-9073, CVE-2016-9074, CVE-2016-9075, CVE-2016-9076, CVE-2016-9077, CVE-2016-9078, CVE-2016-9079