Bug 977375 - (CVE-2016-2806) VUL-0: CVE-2016-2806: MozillaFirefox: Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46 (MFSA 2016-39)
(CVE-2016-2806)
VUL-0: CVE-2016-2806: MozillaFirefox: Memory safety bugs fixed in Firefox ESR...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All openSUSE 42.1
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on: 977333
Blocks:
  Show dependency treegraph
 
Reported: 2016-04-27 08:34 UTC by Andreas Stieger
Modified: 2020-04-05 18:20 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-04-27 08:34:24 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/

Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. 

Gary Kwong, Christian Holler, Jesse Ruderman, Mats Palmgren, Carsten Book, Boris Zbarsky, David Bolter, and Randell Jesup reported memory safety problems and crashes that are fixed in Firefox ESR 45.1 and Firefox 46.

Memory safety bugs fixed in Firefox ESR 45.1 and Firefox 46 (CVE-2016-2806)
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1251922,1212328,1242810,1253099,1254122,1255949,1228882,1256065,1238592,1260439,1231919,1258231,1242668

This one affects openSUSE only.
Comment 1 Swamp Workflow Management 2016-04-27 22:00:47 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-04-28 12:19:44 UTC
Adjust severity for memory safety bugs
Comment 3 Bernhard Wiedemann 2016-04-30 08:00:22 UTC
This is an autogenerated message for OBS integration:
This bug (977375) was mentioned in
https://build.opensuse.org/request/show/392977 Factory / MozillaFirefox
https://build.opensuse.org/request/show/392978 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/392979 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/392980 13.1 / MozillaFirefox
Comment 4 Andreas Stieger 2016-04-30 10:21:25 UTC
openSUSE submitted, updates running
Comment 5 Bernhard Wiedemann 2016-05-04 06:00:22 UTC
This is an autogenerated message for OBS integration:
This bug (977375) was mentioned in
https://build.opensuse.org/request/show/393514 Factory / MozillaFirefox
Comment 6 Swamp Workflow Management 2016-05-04 13:09:04 UTC
openSUSE-SU-2016:1211-1: An update that fixes 10 vulnerabilities is now available.

Category: security (important)
Bug References: 977333,977373,977375,977376,977379,977381,977382,977384,977386,977388
CVE References: CVE-2016-2804,CVE-2016-2806,CVE-2016-2807,CVE-2016-2808,CVE-2016-2811,CVE-2016-2812,CVE-2016-2814,CVE-2016-2816,CVE-2016-2817,CVE-2016-2820
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-46.0-21.1, mozilla-nss-3.22.3-15.2
openSUSE 13.2 (src):    MozillaFirefox-46.0-68.1, mozilla-nss-3.22.3-31.1
Comment 7 Andreas Stieger 2016-05-04 13:20:23 UTC
Closing bugs exclusive to openSUSE as fixed.
Comment 8 Swamp Workflow Management 2016-05-06 14:08:11 UTC
openSUSE-SU-2016:1251-1: An update that fixes 13 vulnerabilities is now available.

Category: security (moderate)
Bug References: 977333,977373,977375,977376,977377,977378,977379,977380,977381,977382,977384,977386,977388
CVE References: CVE-2016-2804,CVE-2016-2806,CVE-2016-2807,CVE-2016-2808,CVE-2016-2809,CVE-2016-2810,CVE-2016-2811,CVE-2016-2812,CVE-2016-2813,CVE-2016-2814,CVE-2016-2816,CVE-2016-2817,CVE-2016-2820
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-46.0-113.2, mozilla-nss-3.22.3-77.1
Comment 9 Swamp Workflow Management 2016-07-10 14:08:30 UTC
openSUSE-SU-2016:1767-1: An update that fixes 28 vulnerabilities is now available.

Category: security (important)
Bug References: 969894,977333,977375,977376,983549,984126,984637,986162
CVE References: CVE-2016-1952,CVE-2016-1953,CVE-2016-1954,CVE-2016-1955,CVE-2016-1956,CVE-2016-1957,CVE-2016-1960,CVE-2016-1961,CVE-2016-1964,CVE-2016-1974,CVE-2016-1977,CVE-2016-2790,CVE-2016-2791,CVE-2016-2792,CVE-2016-2793,CVE-2016-2794,CVE-2016-2795,CVE-2016-2796,CVE-2016-2797,CVE-2016-2798,CVE-2016-2799,CVE-2016-2800,CVE-2016-2801,CVE-2016-2802,CVE-2016-2806,CVE-2016-2807,CVE-2016-2815,CVE-2016-2818
Sources used:
openSUSE 13.1 (src):    MozillaThunderbird-45.2-70.83.1
Comment 10 Swamp Workflow Management 2016-07-10 22:08:26 UTC
openSUSE-SU-2016:1769-1: An update that fixes 28 vulnerabilities is now available.

Category: security (important)
Bug References: 969894,977333,977375,977376,983549,984126,984637,986162
CVE References: CVE-2016-1952,CVE-2016-1953,CVE-2016-1954,CVE-2016-1955,CVE-2016-1956,CVE-2016-1957,CVE-2016-1960,CVE-2016-1961,CVE-2016-1964,CVE-2016-1974,CVE-2016-1977,CVE-2016-2790,CVE-2016-2791,CVE-2016-2792,CVE-2016-2793,CVE-2016-2794,CVE-2016-2795,CVE-2016-2796,CVE-2016-2797,CVE-2016-2798,CVE-2016-2799,CVE-2016-2800,CVE-2016-2801,CVE-2016-2802,CVE-2016-2806,CVE-2016-2807,CVE-2016-2815,CVE-2016-2818
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    MozillaThunderbird-45.2-6.1