Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » LM16-0039

Overview

Id LM16-0039
Name Mozilla Firefox 38.8.0 ESR for Mac OS X (See Notes)
Vendor Name mozilla
Product Firefox (ESR)
Content Type Critical - 05 Critical - 05
Language(s)
Operating System(s) OSX 
Released On 26 Apr 2016 12:00:00

LM16-0039

Mozilla Firefox 38.8.0 ESR for Mac OS X (See Notes)

Vendor Name

mozilla

Product

Firefox (ESR)

Released On

26 Apr 2016 12:00:00

Url

http://www.mozilla.org/firefox/38.8.0/releasenotes/

Description

Mozilla Firefox Extended Support Release (ESR) is a web browser provided by the Mozilla Corporation with a more controlled release cycle.

Firefox 38.8.0 ESR addresses the following security issues:

  • MFSA 2016-47 Write to invalid HashMap entry through JavaScript.watch()
  • MFSA 2016-44 Buffer overflow in libstagefright with CENC offsets
  • MFSA 2016-39 Miscellaneous memory safety hazards (rv:46.0 / rv:45.1 / rv:38.8)
  • MFSA 2016-36 Use-after-free during processing of DER encoded keys in NSS
  • MFSA 2016-29 Same-origin policy violation using performance.getEntries and history navigation with session restore
  • MFSA 2016-15 Use-after-free in NSS during SSL connections in low memory
  • MFSA 2016-07 Errors in mp_div and mp_exptmod cryptographic functions in NSS

  • Notes:
  • Detection and deployment only support Firefox.app installed in the current system volume's Applications folder
  • Deployment while Firefox is running will not update the current browser session; the user may re-launch Firefox in order to complete the update


  • Related Resources

    Related Vulnerabilities

    None

    Related Patches

    None

    Superseded Patches


    Last Updated: 27 May 2016 11:23:35