This update for MozillaFirefox, mozilla-nspr, mozilla-nss fixes the following issues:
Mozilla Firefox was updated to 38.7.0 ESR (bsc#969894)
- MFSA 2016-16/CVE-2016-1952/CVE-2016-1953
Miscellaneous memory safety hazards (rv:45.0 / rv:38.7)
- MFSA 2016-17/CVE-2016-1954
Local file overwriting and potential privilege escalation
through CSP reports
- MFSA 2016-20/CVE-2016-1957
A memory leak in libstagefright when deleting an array during
MP4 processing was fixed.
- MFSA 2016-21/CVE-2016-1958
The displayed page address can be overridden
- MFSA 2016-23/CVE-2016-1960
A use-after-free in the HTML5 string parser was fixed.
- MFSA 2016-24/CVE-2016-1961
A use-after-free in SetBody was fixed.
- MFSA 2016-25/CVE-2016-1962
A use-after-free when using multiple WebRTC data channels was fixed.
- MFSA 2016-27/CVE-2016-1964
A use-after-free during XML transformations was fixed.
- MFSA 2016-28/CVE-2016-1965
Addressbar spoofing through history navigation and Location
protocol property was fixed.
- MFSA 2016-31/CVE-2016-1966
Memory corruption with a malicious NPAPI plugin was fixed.
- MFSA 2016-34/CVE-2016-1974
An out-of-bounds read in the HTML parser following a failed
allocation was fixed.
- MFSA 2016-35/CVE-2016-1950
A buffer overflow during ASN.1 decoding in NSS was fixed.
- MFSA 2016-37/CVE-2016-1977/CVE-2016-2790/CVE-2016-2791/
CVE-2016-2792/CVE-2016-2793/CVE-2016-2794/CVE-2016-2795/
CVE-2016-2796/CVE-2016-2797/CVE-2016-2798/CVE-2016-2799/
CVE-2016-2800/CVE-2016-2801/CVE-2016-2802
Various font vulnerabilities were fixed in the embedded Graphite 2 library
Mozilla NSS was updated to fix:
- MFSA 2016-15/CVE-2016-1978
Use-after-free in NSS during SSL connections in low memory
- MFSA 2016-35/CVE-2016-1950
Buffer overflow during ASN.1 decoding in NSS
- MFSA 2016-36/CVE-2016-1979
Use-after-free during processing of DER encoded keys in NSS
Mozilla NSPR was updated to version 4.12 (bsc#969894)
- added a PR_GetEnvSecure function, which attempts to...