Advisories ยป MGASA-2016-0379

Updated nss and firefox packages fix security vulnerabilities

Publication date: 17 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-5290 , CVE-2016-5291 , CVE-2016-5296 , CVE-2016-5297 , CVE-2016-9064 , CVE-2016-9066 , CVE-2016-9074


Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066,
CVE-2016-5291, CVE-2016-5290).

A flaw was found in the way Add-on update process was handled by Firefox.
A Man-in-the-Middle attacker could use this flaw to install a malicious
signed add-on update (CVE-2016-9064).

An existing mitigation of timing side-channel attacks in NSS before 3.26.1
is insufficient in some circumstances (CVE-2016-9074).