MGASA-2016-0379
- Source
- https://advisories.mageia.org/MGASA-2016-0379.html
- Import Source
- https://advisories.mageia.org/MGASA-2016-0379.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2016-0379
- Related
- Published
- 2016-11-17T14:10:52Z
- Modified
- 2016-11-17T13:59:24Z
- Summary
- Updated nss and firefox packages fix security vulnerabilities
- Details
-
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066, CVE-2016-5291, CVE-2016-5290).
A flaw was found in the way Add-on update process was handled by Firefox. A Man-in-the-Middle attacker could use this flaw to install a malicious signed add-on update (CVE-2016-9064).
An existing mitigation of timing side-channel attacks in NSS before 3.26.1 is insufficient in some circumstances (CVE-2016-9074).
- References
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / firefox
Package
- Name
- firefox
- Purl
- pkg:rpm/mageia/firefox?distro=mageia-5
Mageia:5 / firefox-l10n
Package
- Name
- firefox-l10n
- Purl
- pkg:rpm/mageia/firefox-l10n?distro=mageia-5
Mageia:5 / nss
Package
- Name
- nss
- Purl
- pkg:rpm/mageia/nss?distro=mageia-5
Mageia:5 / rootcerts
Package
- Name
- rootcerts
- Purl
- pkg:rpm/mageia/rootcerts?distro=mageia-5
Mageia:5 / nspr
Package
- Name
- nspr
- Purl
- pkg:rpm/mageia/nspr?distro=mageia-5