[3.6] firefox-esr: Multiple vulnerabilities (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7778)
CVE-2017-5470: Memory safety bugs
CVE-2017-5472: Use-after-free using destroyed node when regenerating
trees
CVE-2017-7749: Use-after-free during docshell reloading
CVE-2017-7750: Use-after-free with track elements
CVE-2017-7751: Use-after-free with content viewer listeners
CVE-2017-7752: Use-after-free with IME input
CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
CVE-2017-7756: Use-after-free and use-after-scope logging XHR header
errors
CVE-2017-7757: Use-after-free in IndexedDB
CVE-2017-7758: Out-of-bounds read in Opus encoder
CVE-2017-7764: Domain spoofing with combination of Canadian
Syllabics and other unicode blocks
CVE-2017-7778: Vulnerabilities in the Graphite 2 library
Fixed in:
Firefox ESR 52.2
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/
(from redmine: issue id 7425, created on 2017-06-15, closed on 2017-06-15)
- Changesets:
- Revision c6c27a81 by Natanael Copa on 2017-06-15T13:56:39Z:
community/firefox-esr: security upgrade to 52.2.0
fixes #7425