{"id":"SUSE-SU-2016:3080-1","summary":"Security update for MozillaFirefox, mozilla-nss","details":"This update for MozillaFirefox, mozilla-nss fixes security issues and bugs.\n\nThe following vulnerabilities were fixed in Firefox ESR 45.5.1 (bsc#1009026 bsc#1012964):\n\n- CVE-2016-9079: Use-after-free in SVG Animation (MFSA 2016-92  bsc#1012964)\n- CVE-2016-5297: Incorrect argument length checking in Javascript (bsc#1010401)\n- CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bsc#1010404)\n- CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bsc#1010395)\n- CVE-2016-9064: Addons update must verify IDs match between current and new versions (bsc#1010402)\n- CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 (bsc#1010427)\n- CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bsc#1010410)\n\nThe following vulnerabilities were fixed in mozilla-nss 3.21.3:\n\n- CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bsc#1010422)\n- CVE-2016-5285: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash (bsc#1010517)\n    \nThe following bugs were fixed:\n\n- Firefox would fail to go into fullscreen mode with some window managers (bsc#992549)\n- font warning messages would flood console, now using fontconfig configuration from\n  firefox-fontconfig instead of the system one (bsc#1000751)\n","modified":"2026-02-04T03:51:44.827064Z","published":"2016-12-10T18:21:00Z","related":["CVE-2016-5285","CVE-2016-5290","CVE-2016-5291","CVE-2016-5296","CVE-2016-5297","CVE-2016-9064","CVE-2016-9066","CVE-2016-9074","CVE-2016-9079"],"upstream":["CVE-2016-5285","CVE-2016-5290","CVE-2016-5291","CVE-2016-5296","CVE-2016-5297","CVE-2016-9064","CVE-2016-9066","CVE-2016-9074","CVE-2016-9079"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20163080-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1000751"},{"type":"REPORT","url":"https://bugzilla.suse.com/1009026"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010395"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010401"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010402"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010404"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010410"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010422"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010427"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010517"},{"type":"REPORT","url":"https://bugzilla.suse.com/1012964"},{"type":"REPORT","url":"https://bugzilla.suse.com/992549"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5285"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5290"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5291"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5296"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-5297"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9064"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9066"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9074"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-9079"}],"affected":[{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"mozilla-nss-devel":"3.21.3-39.1","MozillaFirefox-devel":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Linux Enterprise Software Development Kit 11 SP4","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"mozilla-nss-devel":"3.21.3-39.1","MozillaFirefox-devel":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:OpenStack Cloud 5","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:OpenStack Cloud 5","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20OpenStack%20Cloud%205"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Manager 2.1","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%202.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Manager 2.1","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Manager%202.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Manager Proxy 2.1","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Manager%20Proxy%202.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Manager Proxy 2.1","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Manager%20Proxy%202.1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"mozilla-nss":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Linux Enterprise Point of Sale 11 SP3","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"mozilla-nss":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Linux Enterprise Server 11 SP3-LTSS","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Linux Enterprise Server 11 SP3-TERADATA","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server 11 SP4","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-x86":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3-x86":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss-x86":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Linux Enterprise Server 11 SP4","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-x86":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3-x86":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss-x86":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.1esr-59.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-x86":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3-x86":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss-x86":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}},{"package":{"name":"mozilla-nss","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 11 SP4","purl":"pkg:rpm/suse/mozilla-nss&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.21.3-39.1"}]}],"ecosystem_specific":{"binaries":[{"libfreebl3-32bit":"3.21.3-39.1","mozilla-nss-tools":"3.21.3-39.1","libsoftokn3":"3.21.3-39.1","libsoftokn3-x86":"3.21.3-39.1","mozilla-nss":"3.21.3-39.1","libfreebl3-x86":"3.21.3-39.1","libsoftokn3-32bit":"3.21.3-39.1","mozilla-nss-x86":"3.21.3-39.1","libfreebl3":"3.21.3-39.1","mozilla-nss-32bit":"3.21.3-39.1","MozillaFirefox":"45.5.1esr-59.1","MozillaFirefox-translations":"45.5.1esr-59.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2016:3080-1.json"}}],"schema_version":"1.7.3"}