[FREEBSD:F78EAC48-C3D1-4666-8DE5-63CEEA25A578] mozilla -- multiple vulnerabilities
Severity
Critical
Affected Packages
5
CVEs
15
Mozilla Foundation reports:
CVE-2017-7828: Use-after-free of PressShell while restyling layout
CVE-2017-7830: Cross-origin URL information leak through Resource Timing API
CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects
CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers
CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters
CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections
CVE-2017-7835: Mixed content blocking incorrectly applies with redirects
CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X
CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies
CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN
CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism
CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags
CVE-2017-7842: Referrer Policy is not always respected for <link> elements
CVE-2017-7827: Memory safety bugs fixed in Firefox 57
CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
Package | Affected Version |
---|---|
pkg:freebsd/seamonkey | < 2.49.2 |
pkg:freebsd/linux-firefox | < 52.5.0,2 |
pkg:freebsd/libxul | < 52.5.0 |
pkg:freebsd/firefox-esr | < 52.5.0,1 |
pkg:freebsd/firefox | < 56.0.2_10,1 |
- ID
- FREEBSD:F78EAC48-C3D1-4666-8DE5-63CEEA25A578
- Severity
- critical
- Severity from
- CVE-2017-7826
- URL
- http://vuxml.freebsd.org/freebsd/f78eac48-c3d1-4666-8de5-63ceea25a578.html
- Published
-
2017-11-14T00:00:00
(6 years ago) - Modified
-
2017-11-14T00:00:00
(6 years ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ASA-201711-23
- ASA-201711-43
- DSA-4035-1
- DSA-4061-1
- DSA-4075-1
- ELSA-2017-3247
- ELSA-2017-3372
- FREEBSD:6056BF68-F570-4E70-B740-B9F606971283
- GLSA-201803-14
- MFSA-2017-24
- MFSA-2017-25
- MFSA-2017-26
- openSUSE-SU-2017:3108-1
- openSUSE-SU-2017:3110-1
- RHSA-2017:3247
- RHSA-2017:3372
- SUSE-SU-2017:3213-1
- SUSE-SU-2017:3233-1
- USN-3477-1
- USN-3490-1
- USN-3688-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://www.mozilla.org/security/advisories/mfsa2017-24/ | ||
FreeBSD VuXML | https://www.mozilla.org/security/advisories/mfsa2017-25/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/seamonkey | seamonkey | < 2.49.2 | ||||
Affected | pkg:freebsd/linux-firefox | linux-firefox | < 52.5.0,2 | ||||
Affected | pkg:freebsd/libxul | libxul | < 52.5.0 | ||||
Affected | pkg:freebsd/firefox-esr | firefox-esr | < 52.5.0,1 | ||||
Affected | pkg:freebsd/firefox | firefox | < 56.0.2_10,1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |