Operating System:

[Debian]

Published:

04 August 2016

Protect yourself against future threats.

//Service

Phishing Take-Down

Drawing on our strong international CERT relationships we have a high success rate in delivering phishing take-downs.

Read more
Resources > Security Bulletins > ESB-2016.1886 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2016.1886
                        firefox-esr security update
                               4 August 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           firefox-esr
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Privileged Data          -- Remote with User Interaction
                   Modify Arbitrary Files          -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
                   Provide Misleading Information  -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-5265 CVE-2016-5264 CVE-2016-5263
                   CVE-2016-5262 CVE-2016-5259 CVE-2016-5258
                   CVE-2016-5254 CVE-2016-5252 CVE-2016-2838
                   CVE-2016-2837 CVE-2016-2836 CVE-2016-2830

Reference:         ASB-2016.0081

Original Bulletin: 
   http://www.debian.org/security/2016/dsa-3640

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3640-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 03, 2016                       https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : firefox-esr
CVE ID         : CVE-2016-2830 CVE-2016-2836 CVE-2016-2837 CVE-2016-2838 
                 CVE-2016-5252 CVE-2016-5254 CVE-2016-5258 CVE-2016-5259
                 CVE-2016-5262 CVE-2016-5263 CVE-2016-5264 CVE-2016-5265

Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, buffer overflows and other
implementation errors may lead to the execution of arbitrary code,
cross-site scriping, information disclosure and bypass of the same-origin
policy.

For the stable distribution (jessie), these problems have been fixed in
version 45.3.0esr-1~deb8u1.

For the unstable distribution (sid), these problems have been fixed in
version 45.3.0esr-1 for firefox-esr and 48.0-1 for firefox.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJXoj+gAAoJEBDCk7bDfE42uZ8QAK5N7jHL0/i0kqq6KyMGXSbm
TJmfHbBior10+oZNDLsxvQC7FdllnLgZKmB62zk2jeYVflJz2aseJVZnGEkLNt0s
vjVH28D/4ei8AsjVjNzkdYxzn3mrBwakK4n6K2O+JDZH8lBfTNDIuaT7nQRysVqd
vkrF3LZ+lfTFAukvI+24OZ8OTFjW4vUbGzdFi2dNMXNLD3nJ0JHifghyuRV2kXTv
ZiQqmtBu2+PzqCZzrpYPHdzHgKSpxgM/9qHvZjDe8dXgklG2xgthT73Y50kl3tBg
fnfbhckUqvf8s0QKoc+BjCUcuMRwB/L07EfPFlDbXn1B6c1v17eQ8JKGhOouLedb
icXQGkgqsmf1iOgyQxcaZOeuLwK9DIZ8S0WX6R1x3b0CmGQkOHHo+hj1kD69xhFg
/CBCs++L+77L3MFmfIGSH7gadMKfVqwC7qD66K6M5eQxbs3d1pjiN+SxhQYfaM1a
ARY3R11EvfKvNBkbCJT0xQjY8TZs0OxmYGOvAYcri/aX84BgsuZKV40ms/QxbgQ4
Fu+8Jtkl5Pr6gKnnvwPLU812TIZmdx9oTxh3XUu6wKQOSPVsVr4xZ9n2TtyOr5Rb
CIhmRHnZv8E7G/52AbSBbLYAHH7z8BqhMnCQbwhmRUnmo/p5tDNgD9Sj/KvLJOLm
VapTrU7Wjavgw70zvaFa
=wtjs
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBV6K944x+lLeg9Ub1AQgBoxAArVIS1abvm04qZoZbaZfMbzWe6FU2qPIx
YRGGjbTZDm3CrfMCecPMDOrxa98v5K2jbNH/HY1MpDst6M6B3rICctS3BL0ldh2D
kI3ZG6eLwjwTxWBeE8qW9FE19vzE3/DxUGb37pCyreGTeQp+f18uTS8tqIWEeg9m
necIol2yE6u9Vk2dHyLQIrDQBOEWSmP02HG+Sk0+ok2L53RQSyhrjOERPKK7jNvL
K6RkQ8ixoT4mmC4yapFBs+e+cmgDTVRDHoA5+N0JBHF8fL5NyTFRcPZDH4babsXY
IoRY7b2+hLmSUK6k7RdyHBjm6/JKIo6U0GOMw+5LkQaAf4sMd2naiNV9U3Z08Et/
8gwN8WryzL+GedUqCuq4cToJu565QSv3DLze4XZIpLhXnhjxMyxYjeXqwFDXKGDq
JaA3tGQZ2er6aKUH1g1FNe9JVc19NUQP+R08M7DBYEcSo49KcRg6MPu/Ws/JXJjc
1stvdYb1Hvi38V8cZhiW2QrofgCrmPDWtho0o4AjjCxWMzJZZZv2ORMMC5aD2S1V
GmC9C7F3rB7si3mV4svM3iktU8A6neuY62AzpSJ5j5so6Kby8ui95dWlWK8/1xYb
gfBFBmr6cH9+9Y17/r2eAPCgxHI8wZw3tFovBx9t6oXO7jXoADmj3rsduH8+tyJi
QJqmCt417l8=
=yS6G
-----END PGP SIGNATURE-----