Security update for MozillaFirefox, mozilla-nss SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2861-1 Final 1 1 2016-11-18T12:23:04Z current 2016-11-18T12:23:04Z 2016-11-18T12:23:04Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox, mozilla-nss This update to Mozilla Firefox 50.0 fixes a number of security issues. The following vulnerabilities were fixed in Mozilla Firefox (MFSA 2016-89): - CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1 (bmo#1292443) - CVE-2016-5292: URL parsing causes crash (bmo#1288482) - CVE-2016-5297: Incorrect argument length checking in Javascript (bmo#1303678) - CVE-2016-9064: Addons update must verify IDs match between current and new versions (bmo#1303418) - CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler (bmo#1299686) - CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore (bmo#1301777, bmo#1308922 (CVE-2016-9069)) - CVE-2016-9068: heap-use-after-free in nsRefreshDriver (bmo#1302973) - CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges (bmo#1295324) - CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them (bmo#1298552) - CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file (bmo#1292159) - CVE-2016-9070: Sidebar bookmark can have reference to chrome window (bmo#1281071) - CVE-2016-9073: windows.create schema doesn't specify 'format': 'relativeUrl' (bmo#1289273) - CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s (bmo#1276976) - CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in expat (bmo#1274777) - CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP (bmo#1285003) - CVE-2016-5289: Memory safety bugs fixed in Firefox 50 - CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5 The following vulnerabilities were fixed in Mozilla NSS 3.26.1: - CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler (bmo#1293334) Mozilla Firefox now requires mozilla-nss 3.26.2. New features in Mozilla Firefox: - Updates to keyboard shortcuts Set a preference to have Ctrl+Tab cycle through tabs in recently used order View a page in Reader Mode by using Ctrl+Alt+R - Added option to Find in page that allows users to limit search to whole words only - Added download protection for a large number of executable file types on Windows, Mac and Linux - Fixed rendering of dashed and dotted borders with rounded corners (border-radius) - Added a built-in Emoji set for operating systems without native Emoji fonts - Blocked versions of libavcodec older than 54.35.1 - additional locale mozilla-nss was updated to 3.26.2, incorporating the following changes: - the selfserv test utility has been enhanced to support ALPN (HTTP/1.1) and 0-RTT - The following CA certificate was added: CN = ISRG Root X1 - NPN is disabled and ALPN is enabled by default - MD5 signature algorithms sent by the server in CertificateRequest messages are now properly ignored The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html E-Mail link for openSUSE-SU-2016:2861-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 MozillaFirefox-50.0-39.2 MozillaFirefox-branding-upstream-50.0-39.2 MozillaFirefox-buildsymbols-50.0-39.2 MozillaFirefox-devel-50.0-39.2 MozillaFirefox-translations-common-50.0-39.2 MozillaFirefox-translations-other-50.0-39.2 libfreebl3-3.26.2-32.1 libfreebl3-32bit-3.26.2-32.1 libsoftokn3-3.26.2-32.1 libsoftokn3-32bit-3.26.2-32.1 mozilla-nss-3.26.2-32.1 mozilla-nss-32bit-3.26.2-32.1 mozilla-nss-certs-3.26.2-32.1 mozilla-nss-certs-32bit-3.26.2-32.1 mozilla-nss-devel-3.26.2-32.1 mozilla-nss-sysinit-3.26.2-32.1 mozilla-nss-sysinit-32bit-3.26.2-32.1 mozilla-nss-tools-3.26.2-32.1 MozillaFirefox-50.0-39.2 as a component of openSUSE Leap 42.1 MozillaFirefox-branding-upstream-50.0-39.2 as a component of openSUSE Leap 42.1 MozillaFirefox-buildsymbols-50.0-39.2 as a component of openSUSE Leap 42.1 MozillaFirefox-devel-50.0-39.2 as a component of openSUSE Leap 42.1 MozillaFirefox-translations-common-50.0-39.2 as a component of openSUSE Leap 42.1 MozillaFirefox-translations-other-50.0-39.2 as a component of openSUSE Leap 42.1 libfreebl3-3.26.2-32.1 as a component of openSUSE Leap 42.1 libfreebl3-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.1 libsoftokn3-3.26.2-32.1 as a component of openSUSE Leap 42.1 libsoftokn3-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.1 mozilla-nss-3.26.2-32.1 as a component of openSUSE Leap 42.1 mozilla-nss-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.1 mozilla-nss-certs-3.26.2-32.1 as a component of openSUSE Leap 42.1 mozilla-nss-certs-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.1 mozilla-nss-devel-3.26.2-32.1 as a component of openSUSE Leap 42.1 mozilla-nss-sysinit-3.26.2-32.1 as a component of openSUSE Leap 42.1 mozilla-nss-sysinit-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.1 mozilla-nss-tools-3.26.2-32.1 as a component of openSUSE Leap 42.1 MozillaFirefox-50.0-39.2 as a component of openSUSE Leap 42.2 MozillaFirefox-branding-upstream-50.0-39.2 as a component of openSUSE Leap 42.2 MozillaFirefox-buildsymbols-50.0-39.2 as a component of openSUSE Leap 42.2 MozillaFirefox-devel-50.0-39.2 as a component of openSUSE Leap 42.2 MozillaFirefox-translations-common-50.0-39.2 as a component of openSUSE Leap 42.2 MozillaFirefox-translations-other-50.0-39.2 as a component of openSUSE Leap 42.2 libfreebl3-3.26.2-32.1 as a component of openSUSE Leap 42.2 libfreebl3-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.2 libsoftokn3-3.26.2-32.1 as a component of openSUSE Leap 42.2 libsoftokn3-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.2 mozilla-nss-3.26.2-32.1 as a component of openSUSE Leap 42.2 mozilla-nss-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.2 mozilla-nss-certs-3.26.2-32.1 as a component of openSUSE Leap 42.2 mozilla-nss-certs-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.2 mozilla-nss-devel-3.26.2-32.1 as a component of openSUSE Leap 42.2 mozilla-nss-sysinit-3.26.2-32.1 as a component of openSUSE Leap 42.2 mozilla-nss-sysinit-32bit-3.26.2-32.1 as a component of openSUSE Leap 42.2 mozilla-nss-tools-3.26.2-32.1 as a component of openSUSE Leap 42.2 Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50. CVE-2016-5289 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-5289.html CVE-2016-5289 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010426 SUSE Bug 1010426 Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-5290 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-5290.html CVE-2016-5290 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010427 SUSE Bug 1010427 A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-5291 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-5291.html CVE-2016-5291 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010410 SUSE Bug 1010410 During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50. CVE-2016-5292 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-5292.html CVE-2016-5292 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010399 SUSE Bug 1010399 A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-5296 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-5296.html CVE-2016-5296 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010395 SUSE Bug 1010395 An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-5297 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-5297.html CVE-2016-5297 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010401 SUSE Bug 1010401 An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50. CVE-2016-9063 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9063.html CVE-2016-9063 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010424 SUSE Bug 1010424 https://bugzilla.suse.com/1047240 SUSE Bug 1047240 https://bugzilla.suse.com/1123115 SUSE Bug 1123115 Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate pinning protection could provide a malicious signed add-on instead of a valid update. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. CVE-2016-9064 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9064.html CVE-2016-9064 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010402 SUSE Bug 1010402 A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-9066 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9066.html CVE-2016-9066 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010404 SUSE Bug 1010404 Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. CVE-2016-9067 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9067.html CVE-2016-9067 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010405 SUSE Bug 1010405 A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50. CVE-2016-9068 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9068.html CVE-2016-9068 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010406 SUSE Bug 1010406 A use-after-free in nsINode::ReplaceOrInsertBefore during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50. CVE-2016-9069 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9069.html CVE-2016-9069 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010405 SUSE Bug 1010405 A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50. CVE-2016-9070 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9070.html CVE-2016-9070 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010420 SUSE Bug 1010420 Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50. CVE-2016-9071 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 low 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9071.html CVE-2016-9071 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010425 SUSE Bug 1010425 WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50. CVE-2016-9073 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9073.html CVE-2016-9073 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010421 SUSE Bug 1010421 An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. CVE-2016-9074 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 4 AV:N/AC:H/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9074.html CVE-2016-9074 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010422 SUSE Bug 1010422 An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission. This vulnerability affects Firefox < 50. CVE-2016-9075 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 4.6 AV:N/AC:H/Au:S/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9075.html CVE-2016-9075 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010408 SUSE Bug 1010408 An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50. CVE-2016-9076 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9076.html CVE-2016-9076 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010423 SUSE Bug 1010423 Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulnerability affects Firefox < 50. CVE-2016-9077 openSUSE Leap 42.1:MozillaFirefox-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.1:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.1:libfreebl3-3.26.2-32.1 openSUSE Leap 42.1:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.1:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.1:mozilla-nss-tools-3.26.2-32.1 openSUSE Leap 42.2:MozillaFirefox-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-devel-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-common-50.0-39.2 openSUSE Leap 42.2:MozillaFirefox-translations-other-50.0-39.2 openSUSE Leap 42.2:libfreebl3-3.26.2-32.1 openSUSE Leap 42.2:libfreebl3-32bit-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-3.26.2-32.1 openSUSE Leap 42.2:libsoftokn3-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-certs-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-devel-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-sysinit-32bit-3.26.2-32.1 openSUSE Leap 42.2:mozilla-nss-tools-3.26.2-32.1 moderate 2.6 AV:N/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2016-11/msg00033.html https://www.suse.com/security/cve/CVE-2016-9077.html CVE-2016-9077 https://bugzilla.suse.com/1009026 SUSE Bug 1009026 https://bugzilla.suse.com/1010409 SUSE Bug 1010409