Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:6309
patchinfo
_patchinfo
Overview
Details
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo
<patchinfo incident="6309"> <packager>wrosenauer</packager> <issue tracker="bnc" id="1021837">VUL-0: CVE-2017-5393: MozillaFirefox: Remove addons.mozilla.org CDN from whitelist for mozAddonManager</issue> <issue tracker="bnc" id="1021835">VUL-0: CVE-2017-5391: MozillaFirefox: Content about: pages can load privileged about: pages</issue> <issue tracker="bnc" id="1021832">VUL-0: CVE-2017-5384: MozillaFirefox: Information disclosure via Proxy Auto-Config (PAC)</issue> <issue tracker="bnc" id="1021833">VUL-0: CVE-2017-5385: MozillaFirefox: Data sent in multipart channels ignores referrer-policy response headers</issue> <issue tracker="bnc" id="1021830">VUL-0: CVE-2017-5381: MozillaFirefox: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations</issue> <issue tracker="bnc" id="1021831">VUL-0: CVE-2017-5382: MozillaFirefox: Feed preview can expose privileged content errors and exceptions</issue> <issue tracker="bnc" id="1017174">firefox in english for a french installation</issue> <issue tracker="bnc" id="1021839">VUL-0: CVE-2017-5387: MozillaFirefox: Disclosure of local file existence through TRACK tag error messages</issue> <issue tracker="bnc" id="1021818">VUL-0: CVE-2017-5378: MozillaFirefox: Pointer and frame data leakage of Javascript objects</issue> <issue tracker="bnc" id="1021819">VUL-0: CVE-2017-5380: MozillaFirefox: Potential use-after-free during DOM manipulations</issue> <issue tracker="bnc" id="1021814">VUL-0: CVE-2017-5375: MozillaFirefox: Excessive JIT code allocation allows bypass of ASLR and DEP</issue> <issue tracker="bnc" id="1021817">VUL-0: CVE-2017-5376: MozillaFirefox: Use-after-free in XSL</issue> <issue tracker="bnc" id="1021841">VUL-0: CVE-2017-5374: MozillaFirefox: Memory safety bugs fixed in Firefox 51</issue> <issue tracker="bnc" id="1021840">VUL-0: CVE-2017-5388: MozillaFirefox: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks</issue> <issue tracker="bnc" id="1021828">VUL-0: CVE-2017-5389: MozillaFirefox: WebExtensions can install additional add-ons via modified host requests</issue> <issue tracker="bnc" id="1021821">VUL-0: CVE-2017-5396: MozillaFirefox: Use-after-free with Media Decoder</issue> <issue tracker="bnc" id="1021820">VUL-0: CVE-2017-5390: MozillaFirefox: Insecure communication methods in Developer Tools JSON viewer</issue> <issue tracker="bnc" id="1021823">VUL-0: CVE-2017-5386: MozillaFirefox: WebExtensions can use data: protocol to affect other extensions</issue> <issue tracker="bnc" id="1021822">VUL-0: CVE-2017-5383: MozillaFirefox: Location bar spoofing with unicode characters</issue> <issue tracker="bnc" id="1021824">VUL-0: CVE-2017-5373: MozillaFirefox: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7</issue> <issue tracker="bnc" id="1021827">VUL-0: CVE-2017-5379: MozillaFirefox: Use-after-free in Web Animations</issue> <issue tracker="bnc" id="1021826">VUL-0: CVE-2017-5377: MozillaFirefox: Memory corruption with transforms to create gradients in Skia</issue> <issue tracker="cve" id="2017-5391"></issue> <issue tracker="cve" id="2017-5390"></issue> <issue tracker="cve" id="2017-5393"></issue> <issue tracker="cve" id="2017-5392"></issue> <issue tracker="cve" id="2017-5395"></issue> <issue tracker="cve" id="2017-5394"></issue> <issue tracker="cve" id="2017-5396"></issue> <issue tracker="cve" id="2017-5388"></issue> <issue tracker="cve" id="2017-5389"></issue> <issue tracker="cve" id="2017-5382"></issue> <issue tracker="cve" id="2017-5383"></issue> <issue tracker="cve" id="2017-5380"></issue> <issue tracker="cve" id="2017-5381"></issue> <issue tracker="cve" id="2017-5386"></issue> <issue tracker="cve" id="2017-5387"></issue> <issue tracker="cve" id="2017-5384"></issue> <issue tracker="cve" id="2017-5385"></issue> <issue tracker="cve" id="2017-5373"></issue> <issue tracker="cve" id="2017-5377"></issue> <issue tracker="cve" id="2017-5376"></issue> <issue tracker="cve" id="2017-5375"></issue> <issue tracker="cve" id="2017-5374"></issue> <issue tracker="cve" id="2017-5379"></issue> <issue tracker="cve" id="2017-5378"></issue> <category>security</category> <rating>important</rating> <summary>Security update for MozillaFirefox</summary> <description>This update for MozillaFirefox to version 51.0.1 fixes security issues and bugs. These security issues were fixed: * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP (bmo#1325200, boo#1021814) * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817) CVE-2017-5377: Memory corruption with transforms to create gradients in Skia (bmo#1306883, boo#1021826) * CVE-2017-5378: Pointer and frame data leakage of Javascript objects (bmo#1312001, bmo#1330769, boo#1021818) * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827) * CVE-2017-5380: Potential use-after-free during DOM manipulations (bmo#1322107, boo#1021819) * CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer (bmo#1297361, boo#1021820) * CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests (bmo#1308688, boo#1021828) * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403, boo#1021821) * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations (bmo#1017616, boo#1021830) * CVE-2017-5382: Feed preview can expose privileged content errors and exceptions (bmo#1295322, boo#1021831) * CVE-2017-5383: Location bar spoofing with unicode characters (bmo#1323338, bmo#1324716, boo#1021822) * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC) (bmo#1255474, boo#1021832) * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers (bmo#1295945, boo#1021833) * CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions (bmo#1319070, boo#1021823) * CVE-2017-5391: Content about: pages can load privileged about: pages (bmo#1309310, boo#1021835) * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager (bmo#1309282, boo#1021837) * CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages (bmo#1295023, boo#1021839) * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks (bmo#1281482, boo#1021840) * CVE-2017-5374: Memory safety bugs (boo#1021841) * CVE-2017-5373: Memory safety bugs (boo#1021824) These non-security issues in MozillaFirefox were fixed: * Added support for FLAC (Free Lossless Audio Codec) playback * Added support for WebGL 2 * Added Georgian (ka) and Kabyle (kab) locales * Support saving passwords for forms without 'submit' events * Improved video performance for users without GPU acceleration * Zoom indicator is shown in the URL bar if the zoom level is not at default level * View passwords from the prompt before saving them * Remove Belarusian (be) locale * Use Skia for content rendering (Linux) * Improve recognition of LANGUAGE env variable (boo#1017174) * Multiprocess incompatibility did not correctly register with some add-ons (bmo#1333423) </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor