Bugzilla – Bug 983655
VUL-0: CVE-2016-2819: MozillaFirefox: Buffer overflow parsing HTML5 fragments (MFSA 2016-50)
Last modified: 2020-04-05 18:22:33 UTC
https://www.mozilla.org/en-US/security/advisories/mfsa2016-50/

Mozilla Foundation Security Advisory 2016-50
Buffer overflow parsing HTML5 fragments

Announced: June 7, 2016
Reporter: firehack
Impact: Critical
Products: Firefox, Firefox ESR
Fixed in: Firefox 47, Firefox ESR 45.2

Description
Security researcher firehack reported a buffer overflow when parsing HTML5 fragments in a foreign context such as under an <svg> node. This results in a potentially exploitable crash when inserting an HTML fragment into an existing document.

References
HTML5 parser heap-buffer-overflow (CVE-2016-2819)
This is an autogenerated message for OBS integration:
This bug (983655) was mentioned in
https://build.opensuse.org/request/show/400713 Factory / MozillaFirefox
https://build.opensuse.org/request/show/400714 42.1 / MozillaFirefox
https://build.opensuse.org/request/show/400716 13.2 / MozillaFirefox
https://build.opensuse.org/request/show/400718 13.1 / MozillaFirefox
bugbot adjusting priority
openSUSE-SU-2016:1552-1: An update that solves 13 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE Leap 42.1 (src): MozillaFirefox-47.0-24.1, mozilla-nss-3.23-18.1
openSUSE 13.2 (src): MozillaFirefox-47.0-71.1, mozilla-nss-3.23-34.1
openSUSE-SU-2016:1557-1: An update that solves 14 vulnerabilities and has one errata is now available.
Category: security (important)
Bug References: 980384,981695,983549,983632,983638,983639,983640,983643,983644,983646,983649,983651,983652,983653,983655
CVE References: CVE-2016-1950,CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2825,CVE-2016-2828,CVE-2016-2829,CVE-2016-2831,CVE-2016-2832,CVE-2016-2833,CVE-2016-2834
Sources used:
openSUSE 13.1 (src): MozillaFirefox-47.0-116.1, mozilla-nss-3.23-80.1
This is an autogenerated message for OBS integration:
This bug (983655) was mentioned in
https://build.opensuse.org/request/show/402575 42.2 / MozillaFirefox
This is an autogenerated message for OBS integration:
This bug (983655) was mentioned in
https://build.opensuse.org/request/show/402737 42.2 / MozillaFirefox
SUSE-SU-2016:1691-1: An update that solves 9 vulnerabilities and has four fixes is now available.
Category: security (important)
Bug References: 982366,983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,984126,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Software Development Kit 12 (src): MozillaFirefox-45.2.0esr-75.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Server 12 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12-SP1 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE Linux Enterprise Desktop 12 (src): MozillaFirefox-45.2.0esr-75.2, MozillaFirefox-branding-SLE-45.0-28.2, mozilla-nspr-4.12-15.2, mozilla-nss-3.21.1-46.2
SUSE-SU-2016:1799-1: An update that solves 9 vulnerabilities and has two fixes is now available.
Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2831,CVE-2016-2834
Sources used:
SUSE OpenStack Cloud 5 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager Proxy 2.1 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Manager 2.1 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src): MozillaFirefox-45.2.0esr-45.2, MozillaFirefox-branding-SLED-45.0-23.10, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): MozillaFirefox-45.2.0esr-45.2, firefox-fontconfig-2.11.0-2.1, mozilla-nspr-4.12-29.1, mozilla-nss-3.21.1-35.1
SUSE-SU-2016:2061-1: An update that fixes 24 vulnerabilities is now available.
Category: security (important)
Bug References: 983549,983638,983639,983643,983646,983651,983652,983653,983655,984006,985659,989196,990628,990856,991809
CVE References: CVE-2016-2815,CVE-2016-2818,CVE-2016-2819,CVE-2016-2821,CVE-2016-2822,CVE-2016-2824,CVE-2016-2828,CVE-2016-2830,CVE-2016-2831,CVE-2016-2834,CVE-2016-2835,CVE-2016-2836,CVE-2016-2837,CVE-2016-2838,CVE-2016-2839,CVE-2016-5252,CVE-2016-5254,CVE-2016-5258,CVE-2016-5259,CVE-2016-5262,CVE-2016-5263,CVE-2016-5264,CVE-2016-5265,CVE-2016-6354
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src): MozillaFirefox-45.3.0esr-48.1, MozillaFirefox-branding-SLED-45.0-20.38, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
SUSE Linux Enterprise Debuginfo 11-SP2 (src): MozillaFirefox-45.3.0esr-48.1, firefox-fontconfig-2.11.0-4.2, mozilla-nspr-4.12-25.2, mozilla-nss-3.21.1-26.2
released