[FREEBSD:F78EAC48-C3D1-4666-8DE5-63CEEA25A578] mozilla -- multiple vulnerabilities
Severity
Critical
Affected Packages
5
CVEs
15
Mozilla Foundation reports:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects
CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers
CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters
CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections
CVE-2017-7835: Mixed content blocking incorrectly applies with redirects
CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X
CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies
CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN
CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism
CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags
CVE-2017-7842: Referrer Policy is not always respected for <link> elements
CVE-2017-7827: Memory safety bugs fixed in Firefox 57
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
| Package | Affected Version |
|---|---|
 pkg:freebsd/seamonkey
|
< 2.49.2 |
|
pkg:freebsd/linux-firefox
|
< 52.5.0,2 |
|
pkg:freebsd/libxul
|
< 52.5.0 |
|
pkg:freebsd/firefox-esr
|
< 52.5.0,1 |
|
pkg:freebsd/firefox
|
< 56.0.2_10,1 |
- ID
- FREEBSD:F78EAC48-C3D1-4666-8DE5-63CEEA25A578
- Severity
- critical
- Severity from
- CVE-2017-7826
- URL
- http://vuxml.freebsd.org/freebsd/f78eac48-c3d1-4666-8de5-63ceea25a578.html
- Published
-
2017-11-14T00:00:00
(6 years ago) - Modified
-
2017-11-14T00:00:00
(6 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
-
ASA-201711-23
-
ASA-201711-43
-
DSA-4035-1
-
DSA-4061-1
-
DSA-4075-1
-
ELSA-2017-3247
-
ELSA-2017-3372
-
FREEBSD:6056BF68-F570-4E70-B740-B9F606971283
-
GLSA-201803-14
-
MFSA-2017-24
-
MFSA-2017-25
-
MFSA-2017-26
-
openSUSE-SU-2017:3108-1
-
openSUSE-SU-2017:3110-1
-
RHSA-2017:3247
-
RHSA-2017:3372
-
SUSE-SU-2017:3213-1
-
SUSE-SU-2017:3233-1
-
USN-3477-1
-
USN-3490-1
-
USN-3688-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| FreeBSD VuXML |
|
||
| FreeBSD VuXML |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:freebsd/seamonkey |
seamonkey
|
< 2.49.2 | ||||
| Affected | pkg:freebsd/linux-firefox |
linux-firefox
|
< 52.5.0,2 | ||||
| Affected | pkg:freebsd/libxul |
libxul
|
< 52.5.0 | ||||
| Affected | pkg:freebsd/firefox-esr |
firefox-esr
|
< 52.5.0,1 | ||||
| Affected | pkg:freebsd/firefox |
firefox
|
< 56.0.2_10,1 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |