Security update for MozillaFirefox (important)

2017-08-1200:08:54

lists.opensuse.org

511

0.02 Low

EPSS

Percentile

87.7%

JSON

This update to Mozilla Firefox 52.3esr fixes a number of security issues.

The following vulnerabilities were advised upstream under MFSA 2017-19
(boo#1052829):

CVE-2017-7798: XUL injection in the style editor in devtools
CVE-2017-7800: Use-after-free in WebSockets during disconnection
CVE-2017-7801: Use-after-free with marquee during window resizing
CVE-2017-7784: Use-after-free with image observers
CVE-2017-7802: Use-after-free resizing image elements
CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
CVE-2017-7786: Buffer overflow while painting non-displayable SVG
CVE-2017-7753: Out-of-bounds read with cached style data and
pseudo-elements#
CVE-2017-7787: Same-origin policy bypass with iframes through page
reloads
CVE-2017-7807: Domain hijacking through AppCache fallback
CVE-2017-7792: Buffer overflow viewing certificates with an extremely
long OID
CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
CVE-2017-7791: Spoofing following page navigation with data: protocol
and modal alerts
CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP
protections
CVE-2017-7803: CSP containing ‘sandbox’ improperly applied
CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR
52.3

OSVersionArchitecturePackageVersionFilename
openSUSE Leap42.2x86_64mozillafirefox-branding-upstream< 52.3.0-57.15.1MozillaFirefox-branding-upstream-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap42.2x86_64mozillafirefox-buildsymbols< 52.3.0-57.15.1MozillaFirefox-buildsymbols-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap42.2x86_64mozillafirefox-translations-common< 52.3.0-57.15.1MozillaFirefox-translations-common-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap42.3x86_64mozillafirefox-buildsymbols< 52.3.0-60.1MozillaFirefox-buildsymbols-52.3.0-60.1.x86_64.rpm
openSUSE Leap42.3x86_64mozillafirefox-translations-other< 52.3.0-60.1MozillaFirefox-translations-other-52.3.0-60.1.x86_64.rpm
openSUSE Leap42.2x86_64mozillafirefox-translations-other< 52.3.0-57.15.1MozillaFirefox-translations-other-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap42.3x86_64mozillafirefox< 52.3.0-60.1MozillaFirefox-52.3.0-60.1.x86_64.rpm
openSUSE Leap42.2x86_64mozillafirefox-devel< 52.3.0-57.15.1MozillaFirefox-devel-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap42.3x86_64mozillafirefox-devel< 52.3.0-60.1MozillaFirefox-devel-52.3.0-60.1.x86_64.rpm
openSUSE Leap42.2x86_64mozillafirefox< 52.3.0-57.15.1MozillaFirefox-52.3.0-57.15.1.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE Leap	42.2	x86_64	mozillafirefox-branding-upstream	< 52.3.0-57.15.1	MozillaFirefox-branding-upstream-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap	42.2	x86_64	mozillafirefox-buildsymbols	< 52.3.0-57.15.1	MozillaFirefox-buildsymbols-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap	42.2	x86_64	mozillafirefox-translations-common	< 52.3.0-57.15.1	MozillaFirefox-translations-common-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap	42.3	x86_64	mozillafirefox-buildsymbols	< 52.3.0-60.1	MozillaFirefox-buildsymbols-52.3.0-60.1.x86_64.rpm
openSUSE Leap	42.3	x86_64	mozillafirefox-translations-other	< 52.3.0-60.1	MozillaFirefox-translations-other-52.3.0-60.1.x86_64.rpm
openSUSE Leap	42.2	x86_64	mozillafirefox-translations-other	< 52.3.0-57.15.1	MozillaFirefox-translations-other-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap	42.3	x86_64	mozillafirefox	< 52.3.0-60.1	MozillaFirefox-52.3.0-60.1.x86_64.rpm
openSUSE Leap	42.2	x86_64	mozillafirefox-devel	< 52.3.0-57.15.1	MozillaFirefox-devel-52.3.0-57.15.1.x86_64.rpm
openSUSE Leap	42.3	x86_64	mozillafirefox-devel	< 52.3.0-60.1	MozillaFirefox-devel-52.3.0-60.1.x86_64.rpm
openSUSE Leap	42.2	x86_64	mozillafirefox	< 52.3.0-57.15.1	MozillaFirefox-52.3.0-57.15.1.x86_64.rpm