File _patchinfo of Package patchinfo.6483

<patchinfo incident="6483">
  <issue id="1028391" tracker="bnc">VUL-0: MozillaFirefox 52/45.8.0 security release</issue>
  <issue id="2017-5399" tracker="cve" />
  <issue id="2017-5398" tracker="cve" />
  <issue id="2017-5422" tracker="cve" />
  <issue id="2017-5421" tracker="cve" />
  <issue id="2017-5420" tracker="cve" />
  <issue id="2017-5427" tracker="cve" />
  <issue id="2017-5426" tracker="cve" />
  <issue id="2017-5405" tracker="cve" />
  <issue id="2017-5404" tracker="cve" />
  <issue id="2017-5407" tracker="cve" />
  <issue id="2017-5406" tracker="cve" />
  <issue id="2017-5401" tracker="cve" />
  <issue id="2017-5400" tracker="cve" />
  <issue id="2017-5403" tracker="cve" />
  <issue id="2017-5402" tracker="cve" />
  <issue id="2017-5408" tracker="cve" />
  <issue id="2017-5418" tracker="cve" />
  <issue id="2017-5419" tracker="cve" />
  <issue id="2017-5416" tracker="cve" />
  <issue id="2017-5417" tracker="cve" />
  <issue id="2017-5414" tracker="cve" />
  <issue id="2017-5415" tracker="cve" />
  <issue id="2017-5412" tracker="cve" />
  <issue id="2017-5413" tracker="cve" />
  <issue id="2017-5410" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>wrosenauer</packager>
  <description>
This update for MozillaFirefox and mozilla-nss fixes the following issues:

MozillaFirefox was updated to Firefox 52.0 (boo#1028391)
  * requires NSS &gt;= 3.28.3
  * Pages containing insecure password fields now display a warning
    directly within username and password fields.
  * Send and open a tab from one device to another with Sync
  * Removed NPAPI support for plugins other than Flash. Silverlight,
    Java, Acrobat and the like are no longer supported.
  * Removed Battery Status API to reduce fingerprinting of users by
    trackers
  * MFSA 2017-05
    CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP
                   (bmo#1334933)
    CVE-2017-5401: Memory Corruption when handling ErrorResult
                   (bmo#1328861)
    CVE-2017-5402: Use-after-free working with events in FontFace
                   objects (bmo#1334876)
    CVE-2017-5403: Use-after-free using addRange to add range to an
                   incorrect root object (bmo#1340186)
    CVE-2017-5404: Use-after-free working with ranges in selections
                   (bmo#1340138)
    CVE-2017-5406: Segmentation fault in Skia with canvas operations
                   (bmo#1306890)
    CVE-2017-5407: Pixel and history stealing via floating-point
                   timing side channel with SVG filters (bmo#1336622)
    CVE-2017-5410: Memory corruption during JavaScript garbage
                   collection incremental sweeping (bmo#1330687)
    CVE-2017-5408: Cross-origin reading of video captions in violation
                   of CORS (bmo#1313711)
    CVE-2017-5412: Buffer overflow read in SVG filters (bmo#1328323)
    CVE-2017-5413: Segmentation fault during bidirectional operations
                   (bmo#1337504)
    CVE-2017-5414: File picker can choose incorrect default directory
                   (bmo#1319370)
    CVE-2017-5415: Addressbar spoofing through blob URL (bmo#1321719)
    CVE-2017-5416: Null dereference crash in HttpChannel (bmo#1328121)
    CVE-2017-5417: Addressbar spoofing by dragging and dropping URLs
                   (bmo#791597)
    CVE-2017-5426: Gecko Media Plugin sandbox is not started if
                   seccomp-bpf filter is running (bmo#1257361)
    CVE-2017-5427: Non-existent chrome.manifest file loaded during
                   startup (bmo#1295542)
    CVE-2017-5418: Out of bounds read when parsing HTTP digest
                   authorization responses (bmo#1338876)
    CVE-2017-5419: Repeated authentication prompts lead to DOS
                   attack (bmo#1312243)
    CVE-2017-5420: Javascript: URLs can obfuscate addressbar
                   location (bmo#1284395)
    CVE-2017-5405: FTP response codes can cause use of
                   uninitialized values for ports (bmo#1336699)
    CVE-2017-5421: Print preview spoofing (bmo#1301876)
    CVE-2017-5422: DOS attack by using view-source: protocol
                   repeatedly in one hyperlink (bmo#1295002)
    CVE-2017-5399: Memory safety bugs fixed in Firefox 52
    CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and
                   Firefox ESR 45.8

mozilla-nss was updated to NSS 3.28.3
  * This is a patch release to fix binary compatibility issues.
    NSS versions 3.28, 3.28.1 and 3.28.2 contained changes that were
    in violation of the NSS compatibility promise.
    ECParams, which is part of the public API of the freebl/softokn
    parts of NSS, had been changed to include an additional attribute.
    That size increase caused crashes or malfunctioning with applications
    that use that data structure directly, or indirectly through
    ECPublicKey, ECPrivateKey, NSSLOWKEYPublicKey, NSSLOWKEYPrivateKey,
    or potentially other data structures that reference ECParams.
    The change has been reverted to the original state in bug
    bmo#1334108.
    SECKEYECPublicKey had been extended with a new attribute, named
    "encoding". If an application passed type SECKEYECPublicKey to NSS
    (as part of SECKEYPublicKey), the NSS library read the uninitialized
    attribute. With this NSS release SECKEYECPublicKey.encoding is
    deprecated. NSS no longer reads the attribute, and will always
    set it to ECPoint_Undefined. See bug bmo#1340103.
- requires NSPR &gt;= 4.13.1

- update to NSS 3.28.2
  This is a stability and compatibility release. Below is a summary of
  the changes.
  * Fixed an NSS 3.28 regression in the signature scheme flexibility that
    causes connectivity issues between iOS 8 clients and NSS servers
    with ECDSA certificates (bmo#1334114)
  * Fixed a possible crash on some Windows systems (bmo#1323150)
  * Fixed a compatibility issue with TLS clients that do not provide a
    list of supported key exchange groups (bmo#1330612)

</description>
  <summary>Security update for MozillaFirefox, mozilla-nss</summary>
</patchinfo>