Описание
Security update for MozillaFirefox
MozillaFirefox was updated to 52.5.0esr (boo#1068101)
MFSA 2017-25
- CVE-2017-7828: Fixed a use-after-free of PressShell while restyling layout
- CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
- CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Also fixed:
- Correct plugin directory for aarch64 (boo#1061207). The wrapper script was not detecting aarch64 as a 64 bit architecture, thus used /usr/lib/browser-plugins/.
Список пакетов
openSUSE Leap 42.2
openSUSE Leap 42.3
Ссылки
- E-Mail link for openSUSE-SU-2017:3027-1
- SUSE Security Ratings
Описание
Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Затронутые продукты
Ссылки
- CVE-2017-7826
- SUSE Bug 1068101
Описание
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Затронутые продукты
Ссылки
- CVE-2017-7828
- SUSE Bug 1068101
Описание
The Resource Timing API incorrectly revealed navigations in cross-origin iframes. This is a same-origin policy violation and could allow for data theft of URLs loaded by users. This vulnerability affects Firefox < 57, Firefox ESR < 52.5, and Thunderbird < 52.5.
Затронутые продукты
Ссылки
- CVE-2017-7830
- SUSE Bug 1068101