File _patchinfo of Package patchinfo.5768

<patchinfo incident="5768">
  <issue id="1060445" tracker="bnc">VUL-0: MozillaFirefox 56 / 52.4.0esr security release</issue>
  <issue id="1061005" tracker="bnc">VUL-0: CVE-2017-7805: mozilla-nss:  Potential use-after-free in TLS 1.2 server when verifying client authentication</issue>
  <issue id="2017-7818" tracker="cve" />
  <issue id="2017-7819" tracker="cve" />
  <issue id="2017-7810" tracker="cve" />
  <issue id="2017-7814" tracker="cve" />
  <issue id="2017-7823" tracker="cve" />
  <issue id="2017-7805" tracker="cve" />
  <issue id="2017-7793" tracker="cve" />
  <issue id="2017-7824" tracker="cve" />
  <issue id="2017-7825" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pcerny</packager>
  <description>This update for MozillaFirefox to ESR 52.4, mozilla-nss fixes the following issues:

This security issue was fixed for mozilla-nss:

- CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating handshake hashes (bsc#1061005)

These security issues were fixed for Firefox 

- CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters rendering (bsc#1060445).
- CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake hashes (bsc#1060445).
- CVE-2017-7819: Prevent Use-after-free while resizing images in design mode (bsc#1060445).
- CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation (bsc#1060445).
- CVE-2017-7793: Prevent Use-after-free with Fetch API (bsc#1060445).
- CVE-2017-7824: Prevent Buffer overflow when drawing and validating elements with ANGLE (bsc#1060445).
- CVE-2017-7810: Fixed several memory safety bugs (bsc#1060445).
- CVE-2017-7823: CSP sandbox directive did not create a unique origin (bsc#1060445).
- CVE-2017-7814: Blob and data URLs bypassed phishing and malware protection warnings (bsc#1060445).
</description>
  <summary>Security update for MozillaFirefox, mozilla-nss</summary>
</patchinfo>