Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:3213-1

Опубликовано: 05 дек. 2017
Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox ESR 52.5 fixes the following issues:

Security issues fixed:

  • CVE-2017-7826: Memory safety bugs fixed (bsc#1068101).
  • CVE-2017-7828: Use-after-free of PressShell while restyling layout (bsc#1068101).
  • CVE-2017-7830: Cross-origin URL information leak through Resource Timing API (bsc#1068101).

Mozilla Foundation Security Advisory (MFSA 2017-25):

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP3
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Server 12 SP1-LTSS
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-devel-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Server 12 SP2
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Server 12 SP3
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Server 12-LTSS
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-devel-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-devel-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Software Development Kit 12 SP2
MozillaFirefox-devel-52.5.0esr-109.9.1
SUSE Linux Enterprise Software Development Kit 12 SP3
MozillaFirefox-devel-52.5.0esr-109.9.1
SUSE OpenStack Cloud 6
MozillaFirefox-52.5.0esr-109.9.1
MozillaFirefox-devel-52.5.0esr-109.9.1
MozillaFirefox-translations-52.5.0esr-109.9.1

Ссылки

Описание

Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-52.5.0esr-109.9.1
Ссылки

Описание

A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-52.5.0esr-109.9.1
Ссылки

Описание

The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP2:MozillaFirefox-translations-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-52.5.0esr-109.9.1
SUSE Linux Enterprise Desktop 12 SP3:MozillaFirefox-translations-52.5.0esr-109.9.1
Ссылки
Уязвимость SUSE-SU-2017:3213-1