Описание
Security update for MozillaFirefox
Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829)
Following security issues were fixed:
- MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback
- MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
- MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
- MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
- MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
- MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG
- MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
- MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers
- MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
- MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools
- MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
- MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
- MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during disconnection
- MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing
- MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements
- MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied
This update also fixes:
- fixed firefox hangs after a while in FUTEX_WAIT_PRIVATE if cgroups enabled and running on cpu >=1 (bsc#1031485)
- The Itanium ia64 build was fixed.
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2017:2302-1
- E-Mail link for SUSE-SU-2017:2302-1
- SUSE Security Ratings
- SUSE Bug 1031485
- SUSE Bug 1052829
- SUSE CVE CVE-2017-7753 page
- SUSE CVE CVE-2017-7779 page
- SUSE CVE CVE-2017-7782 page
- SUSE CVE CVE-2017-7784 page
- SUSE CVE CVE-2017-7785 page
- SUSE CVE CVE-2017-7786 page
- SUSE CVE CVE-2017-7787 page
- SUSE CVE CVE-2017-7791 page
- SUSE CVE CVE-2017-7792 page
- SUSE CVE CVE-2017-7798 page
- SUSE CVE CVE-2017-7800 page
- SUSE CVE CVE-2017-7801 page
- SUSE CVE CVE-2017-7802 page
- SUSE CVE CVE-2017-7803 page
- SUSE CVE CVE-2017-7804 page
Описание
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7753
- SUSE Bug 1052829
Описание
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7779
- SUSE Bug 1052829
Описание
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7782
- SUSE Bug 1052829
Описание
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7784
- SUSE Bug 1052829
Описание
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7785
- SUSE Bug 1052829
Описание
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7786
- SUSE Bug 1052829
Описание
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7787
- SUSE Bug 1052829
Описание
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7791
- SUSE Bug 1052829
Описание
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7792
- SUSE Bug 1052829
Описание
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7798
- SUSE Bug 1052829
Описание
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7800
- SUSE Bug 1052829
Описание
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7801
- SUSE Bug 1052829
Описание
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7802
- SUSE Bug 1052829
Описание
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7803
- SUSE Bug 1052829
Описание
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7804
- SUSE Bug 1052829
Описание
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7807
- SUSE Bug 1052829