File _patchinfo of Package patchinfo.4974

<patchinfo incident="4974">
<issue id="1035082" tracker="bnc">VUL-0: MozillaFirefox 53 / 45.9 release</issue>
<issue id="1043960" tracker="bnc">VUL-0: MozillaFirefox: 54/52.2 security release</issue>
<issue id="2017-7758" tracker="cve" />
<issue id="2017-7778" tracker="cve" />
<issue id="2017-7763" tracker="cve" />
<issue id="2017-5467" tracker="cve" />
<issue id="2017-5466" tracker="cve" />
<issue id="2017-5464" tracker="cve" />
<issue id="2017-5429" tracker="cve" />
<issue id="2017-5465" tracker="cve" />
<issue id="2017-5441" tracker="cve" />
<issue id="2017-5440" tracker="cve" />
<issue id="2017-5443" tracker="cve" />
<issue id="2017-5442" tracker="cve" />
<issue id="2017-5445" tracker="cve" />
<issue id="2017-5444" tracker="cve" />
<issue id="2017-5447" tracker="cve" />
<issue id="2017-5446" tracker="cve" />
<issue id="2017-5449" tracker="cve" />
<issue id="2017-5448" tracker="cve" />
<issue id="2017-5469" tracker="cve" />
<issue id="2017-7749" tracker="cve" />
<issue id="2017-7764" tracker="cve" />
<issue id="2017-7765" tracker="cve" />
<issue id="2017-5461" tracker="cve" />
<issue id="2017-7761" tracker="cve" />
<issue id="2017-5460" tracker="cve" />
<issue id="2017-7768" tracker="cve" />
<issue id="2017-5434" tracker="cve" />
<issue id="2017-5435" tracker="cve" />
<issue id="2017-5436" tracker="cve" />
<issue id="2017-7750" tracker="cve" />
<issue id="2017-5430" tracker="cve" />
<issue id="2017-5462" tracker="cve" />
<issue id="2017-5432" tracker="cve" />
<issue id="2017-5433" tracker="cve" />
<issue id="2017-5470" tracker="cve" />
<issue id="2017-5472" tracker="cve" />
<issue id="2017-7754" tracker="cve" />
<issue id="2017-5438" tracker="cve" />
<issue id="2017-5439" tracker="cve" />
<issue id="2017-5451" tracker="cve" />
<issue id="2017-5456" tracker="cve" />
<issue id="2017-5454" tracker="cve" />
<issue id="2017-5455" tracker="cve" />
<issue id="2017-7752" tracker="cve" />
<issue id="2017-7751" tracker="cve" />
<issue id="2017-5459" tracker="cve" />
<issue id="2017-7757" tracker="cve" />
<issue id="2017-7756" tracker="cve" />
<issue id="2017-7755" tracker="cve" />
<issue id="2016-10196" tracker="cve" />
<category>security</category>
<rating>important</rating>
<packager>pcerny</packager>
<description>MozillaFirefox was updated to the new ESR 52.2 release, which fixes the following issues (bsc#1043960):

* MFSA 2017-16/CVE-2017-7758
  Out-of-bounds read in Opus encoder
* MFSA 2017-16/CVE-2017-7749
  Use-after-free during docshell reloading
* MFSA 2017-16/CVE-2017-7751
  Use-after-free with content viewer listeners
* MFSA 2017-16/CVE-2017-5472
  Use-after-free using destroyed node when regenerating trees
* MFSA 2017-16/CVE-2017-5470
  Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
* MFSA 2017-16/CVE-2017-7752
  Use-after-free with IME input
* MFSA 2017-16/CVE-2017-7750
  Use-after-free with track elements
* MFSA 2017-16/CVE-2017-7768
  32 byte arbitrary file read through Mozilla Maintenance
  Service
* MFSA 2017-16/CVE-2017-7778
  Vulnerabilities in the Graphite 2 library
* MFSA 2017-16/CVE-2017-7754
  Out-of-bounds read in WebGL with ImageInfo object
* MFSA 2017-16/CVE-2017-7755
  Privilege escalation through Firefox Installer with same
  directory DLL files
* MFSA 2017-16/CVE-2017-7756
  Use-after-free and use-after-scope logging XHR header errors
* MFSA 2017-16/CVE-2017-7757
  Use-after-free in IndexedDB
* MFSA 2017-16/CVE-2017-7761
  File deletion and privilege escalation through Mozilla
  Maintenance Service helper.exe application
* MFSA 2017-16/CVE-2017-7763
  Mac fonts render some unicode characters as spaces
* MFSA 2017-16/CVE-2017-7765
  Mark of the Web bypass when saving executable files
* MFSA 2017-16/CVE-2017-7764
  (bmo#1364283,
   http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts)
  Domain spoofing with combination of Canadian Syllabics and
  other unicode blocks

The update to Firefox ESR 52.1 fixes the following issues (bsc#1035082):

* MFSA 2017-12/CVE-2016-10196
  Vulnerabilities in Libevent library
* MFSA 2017-12/CVE-2017-5443
  Out-of-bounds write during BinHex decoding
* MFSA 2017-12/CVE-2017-5429
  Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and
  Firefox ESR 52.1
* MFSA 2017-12/CVE-2017-5464
  Memory corruption with accessibility and DOM manipulation
* MFSA 2017-12/CVE-2017-5465
  Out-of-bounds read in ConvolvePixel
* MFSA 2017-12/CVE-2017-5466
  Origin confusion when reloading isolated data:text/html URL
* MFSA 2017-12/CVE-2017-5467
  Memory corruption when drawing Skia content
* MFSA 2017-12/CVE-2017-5460
  Use-after-free in frame selection
* MFSA 2017-12/CVE-2017-5461
  Out-of-bounds write in Base64 encoding in NSS
* MFSA 2017-12/CVE-2017-5448
  Out-of-bounds write in ClearKeyDecryptor
* MFSA 2017-12/CVE-2017-5449
  Crash during bidirectional unicode manipulation with
  animation
* MFSA 2017-12/CVE-2017-5446
  Out-of-bounds read when HTTP/2 DATA frames are sent with
  incorrect data
* MFSA 2017-12/CVE-2017-5447
  Out-of-bounds read during glyph processing
* MFSA 2017-12/CVE-2017-5444
  Buffer overflow while parsing application/http-index-format
  content
* MFSA 2017-12/CVE-2017-5445
  Uninitialized values used while parsing
  application/http-index-format content
* MFSA 2017-12/CVE-2017-5442
  Use-after-free during style changes
* MFSA 2017-12/CVE-2017-5469
  Potential Buffer overflow in flex-generated code
* MFSA 2017-12/CVE-2017-5440
  Use-after-free in txExecutionState destructor during XSLT
  processing
* MFSA 2017-12/CVE-2017-5441
  Use-after-free with selection during scroll events
* MFSA 2017-12/CVE-2017-5439
  Use-after-free in nsTArray Length() during XSLT processing
* MFSA 2017-12/CVE-2017-5438
  Use-after-free in nsAutoPtr during XSLT processing
* MFSA 2017-12/CVE-2017-5436
  Out-of-bounds write with malicious font in Graphite 2
* MFSA 2017-12/CVE-2017-5435
  Use-after-free during transaction processing in the editor
* MFSA 2017-12/CVE-2017-5434
  Use-after-free during focus handling
* MFSA 2017-12/CVE-2017-5433
  Use-after-free in SMIL animation functions
* MFSA 2017-12/CVE-2017-5432
  Use-after-free in text input selection
* MFSA 2017-12/CVE-2017-5430
  Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
* MFSA 2017-12/CVE-2017-5459
  Buffer overflow in WebGL
* MFSA 2017-12/CVE-2017-5462
  DRBG flaw in NSS
* MFSA 2017-12/CVE-2017-5455
  Sandbox escape through internal feed reader APIs
* MFSA 2017-12/CVE-2017-5454
  Sandbox escape allowing file system read access through file
  picker
* MFSA 2017-12/CVE-2017-5456
  Sandbox escape allowing local file system access
* MFSA 2017-12/CVE-2017-5451
  Addressbar spoofing with onblur event

</description>
<summary>Security update for MozillaFirefox, MozillaFirefox-branding-SLE</summary>
</patchinfo>