Описание
Security update for MozillaFirefox
This update for MozillaFirefox ESR 52.5 fixes the following issues:
Security issues fixed:
- CVE-2017-7826: Memory safety bugs fixed (bsc#1068101).
- CVE-2017-7828: Use-after-free of PressShell while restyling layout (bsc#1068101).
- CVE-2017-7830: Cross-origin URL information leak through Resource Timing API (bsc#1068101).
Mozilla Foundation Security Advisory (MFSA 2017-25):
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
SUSE Linux Enterprise Server 11 SP3-LTSS
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
Ссылки
- Link for SUSE-SU-2017:3233-1
- E-Mail link for SUSE-SU-2017:3233-1
- SUSE Security Ratings
- SUSE Bug 1068101
- SUSE CVE CVE-2017-7826 page
- SUSE CVE CVE-2017-7828 page
- SUSE CVE CVE-2017-7830 page
Описание
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Затронутые продукты
Ссылки
- CVE-2017-7826
- SUSE Bug 1068101
Описание
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Затронутые продукты
Ссылки
- CVE-2017-7828
- SUSE Bug 1068101
Описание
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Затронутые продукты
Ссылки
- CVE-2017-7830
- SUSE Bug 1068101