Overview Details Repositories Revisions Requests Users Attributes Meta
Security update for Mozilla Firefox and NSS

This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs.

The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed:

- CVE-2017-7793: Use-after-free with Fetch API
- CVE-2017-7818: Use-after-free during ARIA array manipulation
- CVE-2017-7819: Use-after-free while resizing images in design mode
- CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
- CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
- CVE-2017-7823: CSP sandbox directive did not create a unique origin
- CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

The following security issue was fixed in Mozilla NSS 3.28.6:

- CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005)

The following bug was fixed:

- boo#1029917: language accept header use incorrect locale

For compatibility reasons, java-1_8_0-openjdk was rebuilt to the updated version of NSS.

Fixed bugs
bnc#1060445
VUL-0: MozillaFirefox 56 / 52.4.0esr security release
CVE-2017-7805
CVE-2017-7793
CVE-2017-7818
CVE-2017-7819
CVE-2017-7824
CVE-2017-7814
CVE-2017-7823
CVE-2017-7810
bnc#1061005
VUL-0: CVE-2017-7805: mozilla-nss: Potential use-after-free in TLS 1.2 server when verifying client authentication
Selected Binaries
openSUSE Build Service is sponsored by
Places