SUSE-SU-2017:2688-1 -- SLES MozillaFirefox, libfreebl3, libsoftokn3, mozilla-nssID: oval:org.secpod.oval:def:89044885 | Date: (C)2021-07-20 (M)2023-02-13 |
Class: PATCH | Family: unix |
This update for MozillaFirefox to ESR 52.4, mozilla-nss fixes the following issues: This security issue was fixed for mozilla-nss: - CVE-2017-7805: Prevent use-after-free in TLS 1.2 when generating handshake hashes These security issues were fixed for Firefox - CVE-2017-7825: Fixed some Tibetan and Arabic unicode characters rendering . - CVE-2017-7805: Prevent Use-after-free in TLS 1.2 generating handshake hashes . - CVE-2017-7819: Prevent Use-after-free while resizing images in design mode . - CVE-2017-7818: Prevent Use-after-free during ARIA array manipulation . - CVE-2017-7793: Prevent Use-after-free with Fetch API . - CVE-2017-7824: Prevent Buffer overflow when drawing and validating elements with ANGLE . - CVE-2017-7810: Fixed several memory safety bugs . - CVE-2017-7823: CSP sandbox directive did not create a unique origin . - CVE-2017-7814: Blob and data URLs bypassed phishing and malware protection warnings .
Platform: |
SUSE Linux Enterprise Server 12 SP3 |
SUSE Linux Enterprise Server 12 SP2 |
Product: |
MozillaFirefox |
libfreebl3 |
libsoftokn3 |
mozilla-nss |