Bug 963632 - (CVE-2016-1930) VUL-0: CVE-2016-1930: MozillaFirefox: Memory safety bugs fixed in Firefox ESR 38.6 and Firefox 44
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: All All
Priority: P5 - None, Severity: Major
Assigned To: Petr Cerny
QA Contact: Security Team bot
CVSSv2:RedHat:CVE-2016-1930:6.8:(AV:N...
Depends on: 963520
Blocks:
Reported: 2016-01-26 18:03 UTC by Andreas Stieger
Modified: 2016-03-02 10:17 UTC

Found By: Security Response Team
Description Andreas Stieger 2016-01-26 18:03:59 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/

Mozilla developers and community identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and we presume that with enough effort at least some of these could be exploited to run arbitrary code. 

References:
https://bugzilla.mozilla.org/buglist.cgi?bug_id=1230483,1233152,1233925,1234280,1233346,1221385,1223670,1230639,1230668,1230686,1224200,1234571
Comment 1 Andreas Stieger 2016-01-26 18:46:10 UTC
Considering the description, common precautions and use of MozillaFirefox ESR, rating as important/major.
Comment 2 Swamp Workflow Management 2016-01-26 18:50:32 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2016-02-02.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/62466
Comment 3 Swamp Workflow Management 2016-02-02 01:14:33 UTC
openSUSE-SU-2016:0310-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 963632,963635
CVE References: CVE-2016-1930,CVE-2016-1935
Sources used:
openSUSE Leap 42.1 (src):    xulrunner-38.6.0-10.2
Comment 4 Swamp Workflow Management 2016-02-04 18:12:37 UTC
SUSE-SU-2016:0334-1: An update that solves three vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 954447,963520,963632,963635,963731
CVE References: CVE-2016-1930,CVE-2016-1935,CVE-2016-1938
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-38.6.0esr-31.3, mozilla-nss-3.20.2-25.2
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    MozillaFirefox-38.6.0esr-31.3, mozilla-nss-3.20.2-25.2
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    MozillaFirefox-38.6.0esr-31.3, mozilla-nss-3.20.2-25.2
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-38.6.0esr-31.3, MozillaFirefox-branding-SLED-38-18.24, mozilla-nss-3.20.2-25.2
SUSE Linux Enterprise Server 11-SP3 (src):    MozillaFirefox-38.6.0esr-31.3, MozillaFirefox-branding-SLED-38-18.24, mozilla-nss-3.20.2-25.2
SUSE Linux Enterprise Desktop 11-SP4 (src):    MozillaFirefox-38.6.0esr-31.3, MozillaFirefox-branding-SLED-38-18.24, mozilla-nss-3.20.2-25.2
SUSE Linux Enterprise Desktop 11-SP3 (src):    MozillaFirefox-38.6.0esr-31.3, MozillaFirefox-branding-SLED-38-18.24, mozilla-nss-3.20.2-25.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-38.6.0esr-31.3, mozilla-nss-3.20.2-25.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    MozillaFirefox-38.6.0esr-31.3, mozilla-nss-3.20.2-25.2
Comment 5 Swamp Workflow Management 2016-02-04 18:16:39 UTC
SUSE-SU-2016:0338-1: An update that solves three vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 954447,963520,963632,963635,963731,964332
CVE References: CVE-2016-1930,CVE-2016-1935,CVE-2016-1938
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    MozillaFirefox-38.6.0esr-57.3, mozilla-nss-3.20.2-37.1
SUSE Linux Enterprise Software Development Kit 12 (src):    MozillaFirefox-38.6.0esr-57.3, mozilla-nss-3.20.2-37.1
SUSE Linux Enterprise Server 12-SP1 (src):    MozillaFirefox-38.6.0esr-57.3, MozillaFirefox-branding-SLE-31.0-20.1, mozilla-nss-3.20.2-37.1
SUSE Linux Enterprise Server 12 (src):    MozillaFirefox-38.6.0esr-57.3, MozillaFirefox-branding-SLE-31.0-20.1, mozilla-nss-3.20.2-37.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    MozillaFirefox-38.6.0esr-57.3, MozillaFirefox-branding-SLE-31.0-20.1, mozilla-nss-3.20.2-37.1
SUSE Linux Enterprise Desktop 12 (src):    MozillaFirefox-38.6.0esr-57.3, MozillaFirefox-branding-SLE-31.0-20.1, mozilla-nss-3.20.2-37.1
Comment 6 Swamp Workflow Management 2016-02-17 11:14:53 UTC
openSUSE-SU-2016:0492-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 963520,963632,963635
CVE References: CVE-2016-1930,CVE-2016-1935
Sources used:
openSUSE Leap 42.1 (src):    MozillaThunderbird-38.6.0-10.1
openSUSE 13.2 (src):    MozillaThunderbird-38.6.0-37.1
Comment 7 Swamp Workflow Management 2016-02-25 19:13:51 UTC
SUSE-SU-2016:0584-1: An update that solves 5 vulnerabilities and has two fixes is now available.

Category: security (moderate)
Bug References: 954447,959888,963520,963632,963635,963731,967087
CVE References: CVE-2015-7575,CVE-2016-1523,CVE-2016-1930,CVE-2016-1935,CVE-2016-1938
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    MozillaFirefox-38.6.1esr-33.1, MozillaFirefox-branding-SLED-38-15.58, mozilla-nss-3.20.2-17.5
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    MozillaFirefox-38.6.1esr-33.1, mozilla-nss-3.20.2-17.5
Comment 8 Marcus Meissner 2016-03-02 10:17:40 UTC
released