Описание
Security update for MozillaFirefox
This update for MozillaFirefox to ESR 52.3 fixes several issues.
These security issues were fixed:
- CVE-2017-7807 Domain hijacking through AppCache fallback (bsc#1052829)
- CVE-2017-7791 Spoofing following page navigation with data: protocol and modal alerts (bsc#1052829)
- CVE-2017-7792 Buffer overflow viewing certificates with an extremely long OID (bsc#1052829)
- CVE-2017-7782 WindowsDllDetourPatcher allocates memory without DEP protections (bsc#1052829)
- CVE-2017-7787 Same-origin policy bypass with iframes through page reloads (bsc#1052829)
- CVE-2017-7786 Buffer overflow while painting non-displayable SVG (bsc#1052829)
- CVE-2017-7785 Buffer overflow manipulating ARIA attributes in DOM (bsc#1052829)
- CVE-2017-7784 Use-after-free with image observers (bsc#1052829)
- CVE-2017-7753 Out-of-bounds read with cached style data and pseudo-elements (bsc#1052829)
- CVE-2017-7798 XUL injection in the style editor in devtools (bsc#1052829)
- CVE-2017-7804 Memory protection bypass through WindowsDllDetourPatcher (bsc#1052829)
- CVE-2017-7779 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (bsc#1052829)
- CVE-2017-7800 Use-after-free in WebSockets during disconnection (bsc#1052829)
- CVE-2017-7801 Use-after-free with marquee during window resizing (bsc#1052829)
- CVE-2017-7802 Use-after-free resizing image elements (bsc#1052829)
- CVE-2017-7803 CSP containing 'sandbox' improperly applied (bsc#1052829)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12-LTSS
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE OpenStack Cloud 6
Ссылки
- Link for SUSE-SU-2017:2589-1
- E-Mail link for SUSE-SU-2017:2589-1
- SUSE Security Ratings
- SUSE Bug 1052829
- SUSE CVE CVE-2017-7753 page
- SUSE CVE CVE-2017-7779 page
- SUSE CVE CVE-2017-7782 page
- SUSE CVE CVE-2017-7784 page
- SUSE CVE CVE-2017-7785 page
- SUSE CVE CVE-2017-7786 page
- SUSE CVE CVE-2017-7787 page
- SUSE CVE CVE-2017-7791 page
- SUSE CVE CVE-2017-7792 page
- SUSE CVE CVE-2017-7798 page
- SUSE CVE CVE-2017-7800 page
- SUSE CVE CVE-2017-7801 page
- SUSE CVE CVE-2017-7802 page
- SUSE CVE CVE-2017-7803 page
- SUSE CVE CVE-2017-7804 page
- SUSE CVE CVE-2017-7807 page
Описание
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7753
- SUSE Bug 1052829
Описание
Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7779
- SUSE Bug 1052829
Описание
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7782
- SUSE Bug 1052829
Описание
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7784
- SUSE Bug 1052829
Описание
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7785
- SUSE Bug 1052829
Описание
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7786
- SUSE Bug 1052829
Описание
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7787
- SUSE Bug 1052829
Описание
On pages containing an iframe, the "data:" protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7791
- SUSE Bug 1052829
Описание
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7792
- SUSE Bug 1052829
Описание
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool. This vulnerability affects Firefox ESR < 52.3 and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7798
- SUSE Bug 1052829
Описание
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7800
- SUSE Bug 1052829
Описание
A use-after-free vulnerability can occur while re-computing layout for a "marquee" element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7801
- SUSE Bug 1052829
Описание
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7802
- SUSE Bug 1052829
Описание
When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7803
- SUSE Bug 1052829
Описание
The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7804
- SUSE Bug 1052829
Описание
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
Затронутые продукты
Ссылки
- CVE-2017-7807
- SUSE Bug 1052829