File _patchinfo of Package patchinfo.7325

<patchinfo incident="7325">
  <issue id="1060445" tracker="bnc">VUL-0: MozillaFirefox 56 / 52.4.0esr security release</issue>
  <issue id="2017-7805" tracker="cve" />
  <issue tracker="cve" id="2017-7793"></issue>
  <issue tracker="cve" id="2017-7818"></issue>
  <issue tracker="cve" id="2017-7819"></issue>
  <issue tracker="cve" id="2017-7824"></issue>
  <issue tracker="cve" id="2017-7814"></issue>
  <issue tracker="cve" id="2017-7823"></issue>
  <issue tracker="cve" id="2017-7810"></issue>
  <issue tracker="bnc" id="1061005"/>
  <category>security</category>
  <rating>important</rating>
  <packager>wrosenauer</packager>
  <description>This update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs.
    
The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed:
    
- CVE-2017-7793: Use-after-free with Fetch API
- CVE-2017-7818: Use-after-free during ARIA array manipulation
- CVE-2017-7819: Use-after-free while resizing images in design mode
- CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
- CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
- CVE-2017-7823: CSP sandbox directive did not create a unique origin
- CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
    
The following security issue was fixed in Mozilla NSS 3.28.6: 

- CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005)

The following bug was fixed:

- boo#1029917: language accept header uses incorrect locale

For compatibility reasons, java-1_8_0-openjdk was rebuilt against the updated version of NSS.
</description>
  <summary>Security update for Mozilla Firefox and NSS</summary>
</patchinfo>