Debian Linux Security Advisory 3688-1 - Several vulnerabilities were discovered in NSS, the cryptography library developed by the Mozilla project.
b93966cf45b459b94721e41f799657ce1d921ea91d32c39e7fe841f2d97f11e7
Ubuntu Security Notice 2934-1 - Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Thunderbird. Various other issues were also addressed.
1b82ab9e46c4ac83735da4ebe80a00ac45d9d42790929bd0cfc5b0114e1a9c92
Ubuntu Security Notice 2917-3 - USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. Various other issues were also addressed.
4f190a0b3a5329c140efe8e3eb4e0cb1f1beaabfa751c14f762b50fff0465e04
Ubuntu Security Notice 2917-2 - USN-2917-1 fixed vulnerabilities in Firefox. This update caused several regressions that could result in search engine settings being lost, the list of search providers appearing empty or the location bar breaking after typing an invalid URL. This update fixes the problem. Various other issues were also addressed.
f36da0e5e9db6c8e433d61406ed2aa35dd8f3f26d8a337c2a2daff062a748a1d
Red Hat Security Advisory 2016-0495-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
e62e55b7facaf86e4436e3627f2fd1668a6dde632b5a3e0917d5aed3396fa121
Apple Security Advisory 2016-03-21-3 - tvOS 9.2 is now available and addresses code execution, memory corruption, and various other vulnerabilities.
576bf88cd8411520d0b41a89dc0b71a608a7bbddb1b15581478a9131071d23ca
Debian Linux Security Advisory 3520-1 - Multiple security issues have been found in Icedove, Debian's version of integer overflows, buffer overflows and other implementation errors may lead to the execution of arbitrary code or denial of service.
53de96b333ff377c5997fb4d7b6d5264d5653d98b5c2d56677ffc75f61f65361
Debian Linux Security Advisory 3510-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, address bar spoofing and overwriting local files.
961e8bbdb6524dd255af4d70d48fae78abd709cc6d7a95dcd0c49607567cfdde
Ubuntu Security Notice 2924-1 - Francis Gabriel discovered that NSS incorrectly handled decoding certain ASN.1 data. An remote attacker could use this issue to cause NSS to crash, resulting in a denial of service, or possibly execute arbitrary code.
561cc6e76e55b23e3dcd1e05ba5c6ec0b2a19ba4451bfeb4f7a9e6ea8498b41b
Ubuntu Security Notice 2917-1 - Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jylanki discovered multiple memory safety issues in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the privileges of the user invoking Firefox. Various other issues were also addressed.
2aa98d4e5a966cde53c7a62ef79cd2e79addf4acbe8fc47a0386bf5144c7ece3
Red Hat Security Advisory 2016-0371-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
2e0eec446d5c37ec18bfd36f9e1e497104c89feb71f55abb8052f1e518e0f0a8
Red Hat Security Advisory 2016-0370-01 - Network Security Services is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library.
439736c920fc79b26c79d0acb788f9eb9941ae2b5c9fdd5b8bcdfe2a10a51ca6