Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2016.1886 firefox-esr security update 4 August 2016 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: firefox-esr Publisher: Debian Operating System: Debian GNU/Linux 8 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Access Privileged Data -- Remote with User Interaction Modify Arbitrary Files -- Remote with User Interaction Cross-site Scripting -- Remote with User Interaction Denial of Service -- Remote with User Interaction Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2016-5265 CVE-2016-5264 CVE-2016-5263 CVE-2016-5262 CVE-2016-5259 CVE-2016-5258 CVE-2016-5254 CVE-2016-5252 CVE-2016-2838 CVE-2016-2837 CVE-2016-2836 CVE-2016-2830 Reference: ASB-2016.0081 Original Bulletin: http://www.debian.org/security/2016/dsa-3640 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-3640-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 03, 2016 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : firefox-esr CVE ID : CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265 Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows and other implementation errors may lead to the execution of arbitrary code, cross-site scriping, information disclosure and bypass of the same-origin policy. For the stable distribution (jessie), these problems have been fixed in version 45.3.0esr-1~deb8u1. For the unstable distribution (sid), these problems have been fixed in version 45.3.0esr-1 for firefox-esr and 48.0-1 for firefox. We recommend that you upgrade your firefox-esr packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJXoj+gAAoJEBDCk7bDfE42uZ8QAK5N7jHL0/i0kqq6KyMGXSbm TJmfHbBior10+oZNDLsxvQC7FdllnLgZKmB62zk2jeYVflJz2aseJVZnGEkLNt0s vjVH28D/4ei8AsjVjNzkdYxzn3mrBwakK4n6K2O+JDZH8lBfTNDIuaT7nQRysVqd vkrF3LZ+lfTFAukvI+24OZ8OTFjW4vUbGzdFi2dNMXNLD3nJ0JHifghyuRV2kXTv ZiQqmtBu2+PzqCZzrpYPHdzHgKSpxgM/9qHvZjDe8dXgklG2xgthT73Y50kl3tBg fnfbhckUqvf8s0QKoc+BjCUcuMRwB/L07EfPFlDbXn1B6c1v17eQ8JKGhOouLedb icXQGkgqsmf1iOgyQxcaZOeuLwK9DIZ8S0WX6R1x3b0CmGQkOHHo+hj1kD69xhFg /CBCs++L+77L3MFmfIGSH7gadMKfVqwC7qD66K6M5eQxbs3d1pjiN+SxhQYfaM1a ARY3R11EvfKvNBkbCJT0xQjY8TZs0OxmYGOvAYcri/aX84BgsuZKV40ms/QxbgQ4 Fu+8Jtkl5Pr6gKnnvwPLU812TIZmdx9oTxh3XUu6wKQOSPVsVr4xZ9n2TtyOr5Rb CIhmRHnZv8E7G/52AbSBbLYAHH7z8BqhMnCQbwhmRUnmo/p5tDNgD9Sj/KvLJOLm VapTrU7Wjavgw70zvaFa =wtjs - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBV6K944x+lLeg9Ub1AQgBoxAArVIS1abvm04qZoZbaZfMbzWe6FU2qPIx YRGGjbTZDm3CrfMCecPMDOrxa98v5K2jbNH/HY1MpDst6M6B3rICctS3BL0ldh2D kI3ZG6eLwjwTxWBeE8qW9FE19vzE3/DxUGb37pCyreGTeQp+f18uTS8tqIWEeg9m necIol2yE6u9Vk2dHyLQIrDQBOEWSmP02HG+Sk0+ok2L53RQSyhrjOERPKK7jNvL K6RkQ8ixoT4mmC4yapFBs+e+cmgDTVRDHoA5+N0JBHF8fL5NyTFRcPZDH4babsXY IoRY7b2+hLmSUK6k7RdyHBjm6/JKIo6U0GOMw+5LkQaAf4sMd2naiNV9U3Z08Et/ 8gwN8WryzL+GedUqCuq4cToJu565QSv3DLze4XZIpLhXnhjxMyxYjeXqwFDXKGDq JaA3tGQZ2er6aKUH1g1FNe9JVc19NUQP+R08M7DBYEcSo49KcRg6MPu/Ws/JXJjc 1stvdYb1Hvi38V8cZhiW2QrofgCrmPDWtho0o4AjjCxWMzJZZZv2ORMMC5aD2S1V GmC9C7F3rB7si3mV4svM3iktU8A6neuY62AzpSJ5j5so6Kby8ui95dWlWK8/1xYb gfBFBmr6cH9+9Y17/r2eAPCgxHI8wZw3tFovBx9t6oXO7jXoADmj3rsduH8+tyJi QJqmCt417l8= =yS6G -----END PGP SIGNATURE-----