Bug #6747

Bug #6745: firefox-esr: Security vulnerabilities (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)

[3.5] firefox-esr: Security vulnerabilities (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)

Added by Alicha CH about 2 years ago. Updated about 2 years ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 01/26/2017
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5378: Pointer and frame data leakage of Javascript objects
CVE-2017-5380: Potential use-after-free during DOM manipulations
CVE-2017-5383: Location bar spoofing with unicode characters
CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
CVE-2017-5396: Use-after-free with Media Decoder

Fixed in:

Firefox ESR 45.7

Reference:

https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/

Associated revisions

Revision 53a9b8c7 (diff)
Added by Sergei Lukin about 2 years ago

community/firefox-esr: security upgrade to 45.7.0 - fixes #6747

CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5378: Pointer and frame data leakage of Javascript objects
CVE-2017-5380: Potential use-after-free during DOM manipulations
CVE-2017-5383: Location bar spoofing with unicode characters
CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
CVE-2017-5396: Use-after-free with Media Decoder

History

#1 Updated by Natanael Copa about 2 years ago

  • Target version changed from 3.5.1 to 3.5.2

#2 Updated by Sergei Lukin about 2 years ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH about 2 years ago

  • Category set to Security
  • Status changed from Resolved to Closed
