SUSE-SU-2017:2589-1 -- SLES MozillaFirefox
ID: oval:org.secpod.oval:def:89044613 | Date: (C)2021-07-07 (M)2023-02-13 |
Class: PATCH | Family: unix |
This update for MozillaFirefox to ESR 52.3 fixes several issues. These security issues were fixed:
- CVE-2017-7807 Domain hijacking through AppCache fallback
- CVE-2017-7791 Spoofing following page navigation with data: protocol and modal alerts
- CVE-2017-7792 Buffer overflow viewing certificates with an extremely long OID
- CVE-2017-7782 WindowsDllDetourPatcher allocates memory without DEP protections
- CVE-2017-7787 Same-origin policy bypass with iframes through page reloads
- CVE-2017-7786 Buffer overflow while painting non-displayable SVG
- CVE-2017-7785 Buffer overflow manipulating ARIA attributes in DOM
- CVE-2017-7784 Use-after-free with image observers
- CVE-2017-7753 Out-of-bounds read with cached style data and pseudo-elements
- CVE-2017-7798 XUL injection in the style editor in devtools
- CVE-2017-7804 Memory protection bypass through WindowsDllDetourPatcher
- CVE-2017-7779 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
- CVE-2017-7800 Use-after-free in WebSockets during disconnection
- CVE-2017-7801 Use-after-free with marquee during window resizing
- CVE-2017-7802 Use-after-free resizing image elements
- CVE-2017-7803 CSP containing "sandbox" improperly applied
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |