{"id":"MGASA-2016-0379","summary":"Updated nss and firefox packages fix security vulnerabilities","details":"Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox (CVE-2016-5296, CVE-2016-5297, CVE-2016-9066,\nCVE-2016-5291, CVE-2016-5290).\n\nA flaw was found in the way Add-on update process was handled by Firefox.\nA Man-in-the-Middle attacker could use this flaw to install a malicious\nsigned add-on update (CVE-2016-9064).\n\nAn existing mitigation of timing side-channel attacks in NSS before 3.26.1\nis insufficient in some circumstances (CVE-2016-9074).\n","modified":"2026-04-16T01:47:53.834632596Z","published":"2016-11-17T14:10:52Z","upstream":["CVE-2016-5290","CVE-2016-5291","CVE-2016-5296","CVE-2016-5297","CVE-2016-9064","CVE-2016-9066","CVE-2016-9074"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0379.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19789"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2016-2780.html"}],"affected":[{"package":{"name":"firefox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0379.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.5.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0379.json"}},{"package":{"name":"nss","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.27.1-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0379.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20160922.00-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0379.json"}},{"package":{"name":"nspr","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/nspr?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.13.1-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0379.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}