openSUSE-SU-2016:2182-1: moderate: Security update for MozillaFirefox, mozilla-nss

openSUSE Security Update: Security update for MozillaFirefox, mozilla-nss ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2182-1 Rating: moderate References: #990856 #992236 Cross-References: CVE-2016-6354 Affected Products: openSUSE Leap 42.1 openSUSE 13.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for MozillaFirefox, mozilla-nss fixes the following issues: Changes in MozillaFirefox: - Mozilla Firefox 48.0.1: * Fixed an audio regression impacting some major websites (bmo#1295296) * Fix a top crash in the JavaScript engine (bmo#1290469) * Fix a startup crash issue caused by Websense (bmo#1291738) * Fix a different behavior with e10s / non-e10s on <select> and mouse events (bmo#1291078) * Fix a top crash caused by plugin issues (bmo#1264530) * Fix a shutdown issue (bmo#1276920) * Fix a crash in WebRTC - added upstream patch so system plugins/extensions are correctly loaded again on x86-64 (bmo#1282843) - CVE-2016-6354: Fix for possible buffer overrun (boo#990856) Changes in mozilla-nss: - also sign libfreeblpriv3.so to allow FIPS mode again (boo#992236) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-1028=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-1028=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.1 (i586 x86_64): MozillaFirefox-48.0.1-30.6 MozillaFirefox-branding-upstream-48.0.1-30.6 MozillaFirefox-buildsymbols-48.0.1-30.6 MozillaFirefox-debuginfo-48.0.1-30.6 MozillaFirefox-debugsource-48.0.1-30.6 MozillaFirefox-devel-48.0.1-30.6 MozillaFirefox-translations-common-48.0.1-30.6 MozillaFirefox-translations-other-48.0.1-30.6 libfreebl3-3.24-26.2 libfreebl3-debuginfo-3.24-26.2 libsoftokn3-3.24-26.2 libsoftokn3-debuginfo-3.24-26.2 mozilla-nss-3.24-26.2 mozilla-nss-certs-3.24-26.2 mozilla-nss-certs-debuginfo-3.24-26.2 mozilla-nss-debuginfo-3.24-26.2 mozilla-nss-debugsource-3.24-26.2 mozilla-nss-devel-3.24-26.2 mozilla-nss-sysinit-3.24-26.2 mozilla-nss-sysinit-debuginfo-3.24-26.2 mozilla-nss-tools-3.24-26.2 mozilla-nss-tools-debuginfo-3.24-26.2 - openSUSE Leap 42.1 (x86_64): libfreebl3-32bit-3.24-26.2 libfreebl3-debuginfo-32bit-3.24-26.2 libsoftokn3-32bit-3.24-26.2 libsoftokn3-debuginfo-32bit-3.24-26.2 mozilla-nss-32bit-3.24-26.2 mozilla-nss-certs-32bit-3.24-26.2 mozilla-nss-certs-debuginfo-32bit-3.24-26.2 mozilla-nss-debuginfo-32bit-3.24-26.2 mozilla-nss-sysinit-32bit-3.24-26.2 mozilla-nss-sysinit-debuginfo-32bit-3.24-26.2 - openSUSE 13.2 (i586 x86_64): MozillaFirefox-48.0.1-77.4 MozillaFirefox-branding-upstream-48.0.1-77.4 MozillaFirefox-buildsymbols-48.0.1-77.4 MozillaFirefox-debuginfo-48.0.1-77.4 MozillaFirefox-debugsource-48.0.1-77.4 MozillaFirefox-devel-48.0.1-77.4 MozillaFirefox-translations-common-48.0.1-77.4 MozillaFirefox-translations-other-48.0.1-77.4 libfreebl3-3.24-43.1 libfreebl3-debuginfo-3.24-43.1 libsoftokn3-3.24-43.1 libsoftokn3-debuginfo-3.24-43.1 mozilla-nss-3.24-43.1 mozilla-nss-certs-3.24-43.1 mozilla-nss-certs-debuginfo-3.24-43.1 mozilla-nss-debuginfo-3.24-43.1 mozilla-nss-debugsource-3.24-43.1 mozilla-nss-devel-3.24-43.1 mozilla-nss-sysinit-3.24-43.1 mozilla-nss-sysinit-debuginfo-3.24-43.1 mozilla-nss-tools-3.24-43.1 mozilla-nss-tools-debuginfo-3.24-43.1 - openSUSE 13.2 (x86_64): libfreebl3-32bit-3.24-43.1 libfreebl3-debuginfo-32bit-3.24-43.1 libsoftokn3-32bit-3.24-43.1 libsoftokn3-debuginfo-32bit-3.24-43.1 mozilla-nss-32bit-3.24-43.1 mozilla-nss-certs-32bit-3.24-43.1 mozilla-nss-certs-debuginfo-32bit-3.24-43.1 mozilla-nss-debuginfo-32bit-3.24-43.1 mozilla-nss-sysinit-32bit-3.24-43.1 mozilla-nss-sysinit-debuginfo-32bit-3.24-43.1 References: https://www.suse.com/security/cve/CVE-2016-6354.html https://bugzilla.suse.com/990856 https://bugzilla.suse.com/992236