Security update for Firefox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2167-1 Final 1 1 2016-08-27T13:44:40Z current 2016-08-27T13:44:40Z 2016-08-27T13:44:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Firefox This update includes Firefox 48.0.1 to fix a few regressions and a security issue: * Fix an audio regression impacting some major websites * Fix a top crash in the JavaScript engine * Fix a startup crash issue caused by Websense * Fix a different behavior with e10s / non-e10s on select and mouse events * Fix a top crash caused by plugin issues * Fix a shutdown issue * Fix a crash in WebRTC - added upstream patch so system plugins/extensions are correctly loaded again on x86-64 - Fix for possible buffer overrun The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-08/msg00104.html E-Mail link for openSUSE-SU-2016:2167-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings MozillaFirefox-48.0.1-122.3 MozillaFirefox-branding-upstream-48.0.1-122.3 MozillaFirefox-buildsymbols-48.0.1-122.3 MozillaFirefox-devel-48.0.1-122.3 MozillaFirefox-translations-common-48.0.1-122.3 MozillaFirefox-translations-other-48.0.1-122.3 libfreebl3-3.24-88.1 libfreebl3-32bit-3.24-88.1 libsoftokn3-3.24-88.1 libsoftokn3-32bit-3.24-88.1 mozilla-nss-3.24-88.1 mozilla-nss-32bit-3.24-88.1 mozilla-nss-certs-3.24-88.1 mozilla-nss-certs-32bit-3.24-88.1 mozilla-nss-devel-3.24-88.1 mozilla-nss-sysinit-3.24-88.1 mozilla-nss-sysinit-32bit-3.24-88.1 mozilla-nss-tools-3.24-88.1 Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. CVE-2016-6354 low 1.9 AV:L/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-08/msg00104.html https://www.suse.com/security/cve/CVE-2016-6354.html CVE-2016-6354 https://bugzilla.suse.com/1026047 SUSE Bug 1026047 https://bugzilla.suse.com/1035082 SUSE Bug 1035082 https://bugzilla.suse.com/1035209 SUSE Bug 1035209 https://bugzilla.suse.com/990856 SUSE Bug 990856