Bugzilla – Bug 977374
VUL-0: CVE-2016-2805: MozillaFirefox: Memory safety bug fixed in Firefox ESR 38.8 (MFSA 2016-39)
Last modified: 2016-06-02 10:56:58 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/ Mozilla developers fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. Christian Holler reported a memory safety problem that is fixed in Firefox ESR 38.8. Memory safety bug fixed in Firefox ESR 38.8 (CVE-2016-2805) https://bugzilla.mozilla.org/show_bug.cgi?id=1241731
An update workflow for this issue was started. This issue was rated as critical. Please submit fixed packages until 2016-04-29. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62674
bugbot adjusting priority
Adjust severity for memory safety bugs
All submission received, incidents running
SUSE-SU-2016:1258-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 977333,977374,977376,977381,977386 CVE References: CVE-2016-2805,CVE-2016-2807,CVE-2016-2808,CVE-2016-2814 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): MozillaFirefox-38.8.0esr-66.2 SUSE Linux Enterprise Software Development Kit 12 (src): MozillaFirefox-38.8.0esr-66.2 SUSE Linux Enterprise Server 12-SP1 (src): MozillaFirefox-38.8.0esr-66.2 SUSE Linux Enterprise Server 12 (src): MozillaFirefox-38.8.0esr-66.2 SUSE Linux Enterprise Desktop 12-SP1 (src): MozillaFirefox-38.8.0esr-66.2 SUSE Linux Enterprise Desktop 12 (src): MozillaFirefox-38.8.0esr-66.2
SUSE-SU-2016:1342-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 977333,977374,977376,977381,977386 CVE References: CVE-2016-2805,CVE-2016-2807,CVE-2016-2808,CVE-2016-2814 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): MozillaFirefox-38.8.0esr-40.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): MozillaFirefox-38.8.0esr-40.1
SUSE-SU-2016:1352-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 977333,977374,977376,977381,977386 CVE References: CVE-2016-2805,CVE-2016-2807,CVE-2016-2808,CVE-2016-2814 Sources used: SUSE Linux Enterprise Server 10 SP4 LTSS (src): MozillaFirefox-38.8.0esr-0.5.1
SUSE-SU-2016:1374-1: An update that solves four vulnerabilities and has one errata is now available. Category: security (important) Bug References: 977333,977374,977376,977381,977386 CVE References: CVE-2016-2805,CVE-2016-2807,CVE-2016-2808,CVE-2016-2814 Sources used: SUSE OpenStack Cloud 5 (src): MozillaFirefox-38.8.0esr-40.5, mozilla-nspr-4.12-26.1, mozilla-nss-3.20.2-30.1 SUSE Manager Proxy 2.1 (src): MozillaFirefox-38.8.0esr-40.5, mozilla-nspr-4.12-26.1, mozilla-nss-3.20.2-30.1 SUSE Manager 2.1 (src): MozillaFirefox-38.8.0esr-40.5, mozilla-nspr-4.12-26.1, mozilla-nss-3.20.2-30.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): MozillaFirefox-38.8.0esr-40.5, mozilla-nspr-4.12-26.1, mozilla-nss-3.20.2-30.1 SUSE Linux Enterprise Server 11-SP4 (src): MozillaFirefox-38.8.0esr-40.5, mozilla-nspr-4.12-26.1, mozilla-nss-3.20.2-30.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): MozillaFirefox-38.8.0esr-40.5, mozilla-nspr-4.12-26.1, mozilla-nss-3.20.2-30.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-38.8.0esr-40.5, mozilla-nspr-4.12-26.1, mozilla-nss-3.20.2-30.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): MozillaFirefox-38.8.0esr-40.5, mozilla-nspr-4.12-26.1, mozilla-nss-3.20.2-30.1
released