ALT-BU-2016-3208-1
Branch sisyphus update bulletin.
Package adobe-flash-player-ppapi updated to version 24-alt1 for branch sisyphus in task 174384.
Closed vulnerabilities
BDU:2016-02375
Vulnerability in the Flash Player and Flash Player for Linux software platforms that allows an attacker to execute arbitrary code
BDU:2016-02376
Vulnerability in the Flash Player software platform that allows an attacker to bypass a protection mechanism
BDU:2016-02378
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02379
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02380
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02381
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02382
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02383
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02384
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02385
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02386
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code or cause a denial of service
BDU:2016-02387
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02388
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02389
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02390
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02391
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2016-02392
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00010
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00011
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00012
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00013
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00014
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00015
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00016
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00017
Vulnerability in the Flash Player software platform that allows an attacker to affect the integrity, availability, and confidentiality of information
BDU:2017-00018
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00019
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00020
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00021
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00022
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00023
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00024
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00025
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00026
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00027
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00030
Vulnerability in the Flash Player software platform that allows an attacker to bypass a protection mechanism
BDU:2017-00032
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00033
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00034
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00035
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00036
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00037
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
BDU:2017-00038
Vulnerability in the Flash Player software platform that allows an attacker to execute arbitrary code
Modified: 2024-11-21
CVE-2016-7867
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94871
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-622
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7868
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94871
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-625
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7869
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94871
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-624
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7870
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94871
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-623
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7871
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94866
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-627
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7872
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation levels. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94873
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-626
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7873
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94866
- 1037442
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7874
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94866
- 1037442
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7875
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94866
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-621
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7876
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94866
- 1037442
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7877
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AMF0). Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94873
- 1037442
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7878
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94873
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-620
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7879
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94873
- 1037442
- http://www.zerodayinitiative.com/advisories/ZDI-16-619
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7880
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94873
- 1037442
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7881
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94873
- 1037442
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2024-11-21
CVE-2016-7890
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have a security bypass vulnerability in the implementation of the same origin policy.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94870
- 1037442
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Modified: 2025-02-14
CVE-2016-7892
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Successful exploitation could lead to arbitrary code execution.
- SUSE-SU-2016:3148
- openSUSE-SU-2016:3160
- RHSA-2016:2947
- 94877
- 1037442
- MS16-154
- https://helpx.adobe.com/security/products/flash-player/apsb16-39.html
- GLSA-201701-17
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-9080
Memory safety bugs were reported in Firefox 50.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1.
Modified: 2024-11-21
CVE-2016-9893
Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
- RHSA-2016:2946
- RHSA-2016:2973
- 94885
- 1037461
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1319524%2C1298773%2C1299098%2C1309834%2C1312609%2C1313212%2C1317805%2C1312548%2C1315631%2C1287912
- GLSA-201701-15
- DSA-3757
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-96/
Modified: 2024-11-21
CVE-2016-9894
A buffer overflow in SkiaGl caused when a GrGLBuffer is truncated during allocation. Later writers will overflow the buffer, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.1.
Modified: 2024-11-21
CVE-2016-9895
Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
- RHSA-2016:2946
- RHSA-2016:2973
- 94885
- 1037461
- https://bugzilla.mozilla.org/show_bug.cgi?id=1312272
- GLSA-201701-15
- DSA-3757
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-96/
Modified: 2024-11-21
CVE-2016-9896
Use-after-free while manipulating the "navigator" object within WebVR. Note: WebVR is not currently enabled by default. This vulnerability affects Firefox < 50.1.
Modified: 2024-11-21
CVE-2016-9897
Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
- RHSA-2016:2946
- 94885
- 1037461
- https://bugzilla.mozilla.org/show_bug.cgi?id=1301381
- GLSA-201701-15
- DSA-3757
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-96/
Modified: 2024-11-21
CVE-2016-9898
Use-after-free resulting in potentially exploitable crash when manipulating DOM subtrees in the Editor. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
- RHSA-2016:2946
- 94885
- 1037461
- https://bugzilla.mozilla.org/show_bug.cgi?id=1314442
- GLSA-201701-15
- DSA-3757
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-96/
Modified: 2024-11-21
CVE-2016-9899
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
- RHSA-2016:2946
- RHSA-2016:2973
- 94885
- 1037461
- https://bugzilla.mozilla.org/show_bug.cgi?id=1317409
- GLSA-201701-15
- DSA-3757
- 41042
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-96/
Modified: 2024-11-21
CVE-2016-9900
External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
- RHSA-2016:2946
- RHSA-2016:2973
- 94885
- 1037461
- https://bugzilla.mozilla.org/show_bug.cgi?id=1319122
- GLSA-201701-15
- DSA-3757
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-96/
Modified: 2024-11-21
CVE-2016-9901
HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
- RHSA-2016:2946
- RHSA-2016:2973
- 94885
- 1037461
- https://bugzilla.mozilla.org/show_bug.cgi?id=1320057
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
Modified: 2024-11-21
CVE-2016-9902
The Pocket toolbar button, once activated, listens for events fired from its own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note: this issue does not affect users with e10s enabled. This vulnerability affects Firefox ESR < 45.6 and Firefox < 50.1.
- RHSA-2016:2946
- RHSA-2016:2973
- 94885
- 1037461
- https://bugzilla.mozilla.org/show_bug.cgi?id=1320039
- GLSA-201701-15
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
Modified: 2024-11-21
CVE-2016-9903
Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerability affects Firefox < 50.1.
Modified: 2024-11-21
CVE-2016-9904
An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.
- RHSA-2016:2946
- 94885
- 1037461
- https://bugzilla.mozilla.org/show_bug.cgi?id=1317936
- GLSA-201701-15
- DSA-3757
- https://www.mozilla.org/security/advisories/mfsa2016-94/
- https://www.mozilla.org/security/advisories/mfsa2016-95/
- https://www.mozilla.org/security/advisories/mfsa2016-96/
Closed bugs
Perl complaints
i586: fts_read: Value too large for defined data type