Security fix for the ALT Linux 10 package firefox-esr version 52.2.0-alt1

June 21, 2017 Andrey Cherepanov 52.2.0-alt1 - New ESR version 52.2.0 - Security fixes: + CVE-2017-5472: Use-after-free using destroyed node when regenerating trees + CVE-2017-7749: Use-after-free during docshell reloading + CVE-2017-7750: Use-after-free with track elements + CVE-2017-7751:...

Debian: Security Advisory (DSA-3894-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for Mozilla based packages (important)

This update for Mozilla Firefox, Thunderbird, and NSS fixes the following issues: Mozilla Firefox was updated to 52.2esr boo1043960 MFSA 2017-16: CVE-2017-5472 bmo1365602 Use-after-free using destroyed node when regenerating trees CVE-2017-7749 bmo1355039 Use-after-free during docshell reloading...

Ubuntu 14.04 LTS / 16.04 LTS : Firefox vulnerabilities (USN-3315-1)

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, spoof the addressbar contents, or execute...

USN-3315-1 firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, obtain sensitive information, spoof the addressbar contents, or execute...

graphite2: out of bounds read in "graphite2::Pass::readPass"

An out of bounds read flaw related to "graphite2::Pass::readPass" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash...

graphite2: heap-buffer-overflow read "graphite2::Silf::getClassGlyph"

An out of bounds read flaw related to "graphite2::Silf::getClassGlyph" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash...

graphite2: out of bounds read "graphite2::Silf::readGraphite"

An out of bounds read flaw related to "graphite2::Silf::readGraphite" has been reported in graphite2. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash...

Mozilla: Vulnerabilities in the Graphite 2 library (MFSA 2017-16)

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

graphite2: heap-buffer-overflow write "lz4::decompress" (src/Decompressor)

A heap-based buffer overflow flaw related to "lz4::decompress" src/Decompressor has been reported in graphite2. An attacker could exploit this issue to cause a crash or, possibly, execute arbitrary code...

CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

Security vulnerabilities fixed in Thunderbird 52.2 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

UBUNTU-CVE-2017-7773

Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor...

UBUNTU-CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

CVE-2017-7778

A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird...

KLA11044 Multiple vulnerabilities in Mozilla Firefox and Mozilla Firefox ESR

Multiple serious vulnerabilities have been found in Firefox and Firefox ESR. Malicious users can exploit these vulnerabilities to gain privileges, cause a denial of service, read and write local files, spoof user interface and bypass security restrictions. Below is a complete list of...

Security vulnerabilities fixed in Firefox 54 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

Security vulnerabilities fixed in Firefox ESR 52.2 — Mozilla

A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. A use-after-free vulnerability when using an incorrect URL during the...

Security update for graphite2 (important)

This update for graphite2 fixes one issue. This security issues was fixed: - CVE-2017-5436: An out-of-bounds write triggered with a maliciously crafted Graphite font could lead to a crash or potentially code execution bsc1035204. This update was imported from the SUSE:SLE-12:Update update project...

Unspecified Vulnerability in Multiple Mozilla Products (CNVD-2017-07078)

Mozilla Firefox, Firefox ESR and Thunderbird are all developed by the Mozilla Foundation.Firefox is an open source web browser, Firefox ESR is an extended support version of Firefox.Thunderbird is a standalone email client from the Mozilla Thunderbird is a separate email client from Mozilla...