Overview

File _patchinfo of Package patchinfo.4065

<patchinfo incident="4065">
  <issue id="1021991" tracker="bnc">VUL-0: MozillaFirefox 51/45.7.0 security release</issue>
  <issue id="1021822" tracker="bnc">VUL-0: CVE-2017-5383: MozillaFirefox: Location bar spoofing with unicode characters</issue>
  <issue id="1021814" tracker="bnc">VUL-0: CVE-2017-5375: MozillaFirefox: Excessive JIT code allocation allows bypass of ASLR and DEP</issue>
  <issue id="1021818" tracker="bnc">VUL-0: CVE-2017-5378: MozillaFirefox: Pointer and frame data leakage of Javascript objects</issue>
  <issue id="1021819" tracker="bnc">VUL-0: CVE-2017-5380: MozillaFirefox: Potential use-after-free during DOM manipulations</issue>
  <issue id="1021821" tracker="bnc">VUL-0: CVE-2017-5396: MozillaFirefox: Use-after-free with Media Decoder</issue>
  <issue id="1021820" tracker="bnc">VUL-0: CVE-2017-5390: MozillaFirefox: Insecure communication methods in Developer Tools JSON viewer</issue>
  <issue id="1021823" tracker="bnc">VUL-0: CVE-2017-5386: MozillaFirefox: WebExtensions can use data: protocol to affect other extensions</issue>
  <issue id="1021817" tracker="bnc">VUL-0: CVE-2017-5376: MozillaFirefox: Use-after-free in XSL</issue>
  <issue id="1021824" tracker="bnc">VUL-0: CVE-2017-5373: MozillaFirefox: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7</issue>
  <issue id="2017-5373" tracker="cve" />
  <issue id="2017-5376" tracker="cve" />
  <issue id="2017-5375" tracker="cve" />
  <issue id="2017-5390" tracker="cve" />
  <issue id="2017-5380" tracker="cve" />
  <issue id="2017-5378" tracker="cve" />
  <issue id="2017-5386" tracker="cve" />
  <issue id="2017-5396" tracker="cve" />
  <issue id="2017-5383" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>
MozillaFirefox 45 ESR was updated to 45.7 to fix the following issues (bsc#1021991):

* MFSA 2017-02/CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bsc#1021818)
* MFSA 2017-02/CVE-2017-5396: Use-after-free with Media Decoder (bsc#1021821)
* MFSA 2017-02/CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bsc#1021823)
* MFSA 2017-02/CVE-2017-5380: Potential use-after-free during DOM manipulations (bsc#1021819)
* MFSA 2017-02/CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bsc#1021820)
* MFSA 2017-02/CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (bsc#1021824)
* MFSA 2017-02/CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bsc#1021814)
* MFSA 2017-02/CVE-2017-5376: Use-after-free in XSL (bsc#1021817)
* MFSA 2017-02/CVE-2017-5383: Location bar spoofing with unicode characters (bsc#1021822)

Please see https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
for more information.
</description>
  <summary>Security update for MozillaFirefox</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places