File _patchinfo of Package patchinfo.3830

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.3830

<patchinfo incident="3830">
  <issue id="1015422" tracker="bnc">VUL-0: MozillaFirefox 50.1 /  45.6 ESR security release</issue>
  <issue id="2016-9899" tracker="cve" />
  <issue id="2016-9898" tracker="cve" />
  <issue id="2016-9893" tracker="cve" />
  <issue id="2016-9895" tracker="cve" />
  <issue id="2016-9897" tracker="cve" />
  <issue id="2016-9902" tracker="cve" />
  <issue id="2016-9901" tracker="cve" />
  <issue id="2016-9900" tracker="cve" />
  <issue id="2016-9905" tracker="cve" />
  <issue id="2016-9904" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>
MozillaFirefox 45 ESR was updated to 45.6 to fix the following issues:

* MFSA 2016-95/CVE-2016-9897: Memory corruption in libGLES
* MFSA 2016-95/CVE-2016-9901: Data from Pocket server improperly sanitized before execution
* MFSA 2016-95/CVE-2016-9898: Use-after-free in Editor while manipulating DOM subtrees
* MFSA 2016-95/CVE-2016-9899: Use-after-free while manipulating DOM events and audio elements
* MFSA 2016-95/CVE-2016-9904: Cross-origin information leak in shared atoms
* MFSA 2016-95/CVE-2016-9905: Crash in EnumerateSubDocuments
* MFSA 2016-95/CVE-2016-9895: CSP bypass using marquee tag
* MFSA 2016-95/CVE-2016-9900: Restricted external resources can be loaded by SVG images through data URLs
* MFSA 2016-95/CVE-2016-9893: Memory safety bugs fixed in Firefox 50.1 and Firefox ESR 45.6
* MFSA 2016-95/CVE-2016-9902: Pocket extension does not validate the origin of events

Please see https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/
for more information.

</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.3830

Places