SUSE: OPENSUSE-SU-2017:1099-1
Apr 25, 2017 - 12:08 a.m.

Security update for Mozilla Firefox (important)

2017-04-25 00:08:46
lists.opensuse.org

EPSS: 0.417 Medium, Percentile: 96.9%

Mozilla Firefox was updated to Firefox 52.1.0esr.

The following vulnerabilities were fixed (bsc#1035082):

  • CVE-2017-5443: Out-of-bounds write during BinHex decoding
  • CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
    and Firefox ESR 52.1
  • CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
  • CVE-2017-5465: Out-of-bounds read in ConvolvePixel
  • CVE-2017-5466: Origin confusion when reloading isolated data:text/html
    URL
  • CVE-2017-5467: Memory corruption when drawing Skia content
  • CVE-2017-5460: Use-after-free in frame selection
  • CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
  • CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
  • CVE-2017-5449: Crash during bidirectional unicode manipulation with
    animation
  • CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
    incorrect data
  • CVE-2017-5447: Out-of-bounds read during glyph processing
  • CVE-2017-5444: Buffer overflow while parsing
    application/http-index-format content

The package is now following the ESR 52 branch:

  • Plugin support is enabled by default
  • Service workers are disabled by default
  • Push notifications are disabled by default
  • WebAssembly (wasm) is disabled
  • Less use of the multiprocess architecture Electrolysis (e10s)
