Bug 983655 (CVE-2016-2819)

Summary: VUL-0: CVE-2016-2819: MozillaFirefox: Buffer overflow parsing HTML5 fragments (MFSA 2016-50)
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Petr Cerny <pcerny>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: wolfgang
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard: CVSSv2:RedHat:CVE-2016-2819:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:SUSE:CVE-2016-2819:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:NVD:CVE-2016-2819:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) maint:running:62846:low maint:released:oes11-sp2:62857 CVSSv3:NVD:CVE-2016-2819:8.8:(AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 983549

Description Marcus Meissner 2016-06-08 06:50:19 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/


Mozilla Foundation Security Advisory 2016-50
Buffer overflow parsing HTML5 fragments

Announced
    June 7, 2016
Reporter
    firehack
Impact
    Critical
Products
    Firefox, Firefox ESR
Fixed in
    Firefox 47
    Firefox ESR 45.2

Description

Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an <svg> node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document.

References

    HTML5 parser heap-buffer-overflow (CVE-2016-2819)
Comment 1 Bernhard Wiedemann 2016-06-08 18:00:52 UTC
This is an autogenerated message for OBS integration:
This bug (983655) was mentioned in
https://build.opensuse.org/request/show/400713 Factory / MozillaFirefox
https://build.opensuse.org/request/show/400714 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/400716 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/400718 13.1 / MozillaFirefox
Comment 2 Swamp Workflow Management 2016-06-08 22:01:52 UTC
bugbot adjusting priority
Comment 3 Swamp Workflow Management 2016-06-11 12:14:15 UTC
openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1
openSUSE 13.2 (src):    MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1
Comment 4 Swamp Workflow Management 2016-06-11 20:10:02 UTC
openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE 13.1 (src):    MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1
Comment 5 Bernhard Wiedemann 2016-06-15 22:00:54 UTC
This is an autogenerated message for OBS integration:
This bug (983655) was mentioned in
https://build.opensuse.org/request/show/402575 42.2 / MozillaFirefox
Comment 6 Bernhard Wiedemann 2016-06-16 16:01:05 UTC
This is an autogenerated message for OBS integration:
This bug (983655) was mentioned in
https://build.opensuse.org/request/show/402737 42.2 / MozillaFirefox
Comment 8 Swamp Workflow Management 2016-06-27 18:10:13 UTC
SUSE-SU-2016:1691-1: An update that solves 9 vulnerabilities and has four fixes is now available.

Category: security (important)
Bug References: 982366,983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,984126,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12-SP1 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
Comment 9 Swamp Workflow Management 2016-07-14 13:09:31 UTC
SUSE-SU-2016:1799-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE OpenStack Cloud 5 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager Proxy 2.1 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager 2.1 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
Comment 10 Swamp Workflow Management 2016-08-12 19:11:40 UTC
SUSE-SU-2016:2061-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659,989196,990628,990856,991809
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2830,CVE-2016-2831,CVE-2016-2834,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5252,CVE-2016-5254,CVE-2016-5258,CVE-2016-5259,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-6354
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    MozillaFirefox-45.3.0esr-48.1, MozillaFirefox-branding-SLED-45.0-20.38, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    MozillaFirefox-45.3.0esr-48.1, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
Comment 11 Marcus Meissner 2016-08-17 05:51:48 UTC
released