[SUSE-SU-2017:2302-1] Security update for MozillaFirefox

Severity: Important
Affected Packages: 24
CVEs: 16

Security update for MozillaFirefox

Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829)

The following security issues were fixed:

  • MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback
  • MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
  • MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
  • MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
  • MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
  • MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG
  • MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
  • MFSA 2017-19/CVE-2017-7784: Use-after-free with image observers
  • MFSA 2017-19/CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
  • MFSA 2017-19/CVE-2017-7798: XUL injection in the style editor in devtools
  • MFSA 2017-19/CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
  • MFSA 2017-19/CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
  • MFSA 2017-19/CVE-2017-7800: Use-after-free in WebSockets during disconnection
  • MFSA 2017-19/CVE-2017-7801: Use-after-free with marquee during window resizing
  • MFSA 2017-19/CVE-2017-7802: Use-after-free resizing image elements
  • MFSA 2017-19/CVE-2017-7803: CSP containing 'sandbox' improperly applied

This update also fixes:

  • Fixed Firefox hanging after a while in FUTEX_WAIT_PRIVATE if cgroups are enabled and running on cpu >=1 (bsc#1031485)
  • The Itanium ia64 build was fixed.

| Package | Affected Version |
|---|---|
| pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=3 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=3 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox?arch=ppc64&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox?arch=ia64&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=3 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=3 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=3 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-translations?arch=ppc64&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-translations?arch=ia64&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=4 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=3 | < 52.3.0esr-72.9.1 |
| pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=x86_64&distro=sles-11&sp=4 | < 52-24.5.1 |
| pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=x86_64&distro=sles-11&sp=3 | < 52-24.5.1 |
| pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=s390x&distro=sles-11&sp=4 | < 52-24.5.1 |
| pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=s390x&distro=sles-11&sp=3 | < 52-24.5.1 |
| pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=ppc64&distro=sles-11&sp=4 | < 52-24.5.1 |
| pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=ia64&distro=sles-11&sp=4 | < 52-24.5.1 |
| pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=i586&distro=sles-11&sp=4 | < 52-24.5.1 |
| pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=i586&distro=sles-11&sp=3 | < 52-24.5.1 |

| Source | Name | URL |
|---|---|---|
| Suse | SUSE ratings | https://www.suse.com/support/security/rating/ |
| Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2302-1.json |
| Suse | URL for SUSE-SU-2017:2302-1 | https://www.suse.com/support/update/announcement/2017/suse-su-20172302-1/ |
| Suse | E-Mail link for SUSE-SU-2017:2302-1 | https://lists.suse.com/pipermail/sle-security-updates/2017-August/003171.html |
| Bugzilla | SUSE Bug 1031485 | https://bugzilla.suse.com/1031485 |
| Bugzilla | SUSE Bug 1052829 | https://bugzilla.suse.com/1052829 |
| CVE | SUSE CVE CVE-2017-7753 page | https://www.suse.com/security/cve/CVE-2017-7753/ |
| CVE | SUSE CVE CVE-2017-7779 page | https://www.suse.com/security/cve/CVE-2017-7779/ |
| CVE | SUSE CVE CVE-2017-7782 page | https://www.suse.com/security/cve/CVE-2017-7782/ |
| CVE | SUSE CVE CVE-2017-7784 page | https://www.suse.com/security/cve/CVE-2017-7784/ |
| CVE | SUSE CVE CVE-2017-7785 page | https://www.suse.com/security/cve/CVE-2017-7785/ |
| CVE | SUSE CVE CVE-2017-7786 page | https://www.suse.com/security/cve/CVE-2017-7786/ |
| CVE | SUSE CVE CVE-2017-7787 page | https://www.suse.com/security/cve/CVE-2017-7787/ |
| CVE | SUSE CVE CVE-2017-7791 page | https://www.suse.com/security/cve/CVE-2017-7791/ |
| CVE | SUSE CVE CVE-2017-7792 page | https://www.suse.com/security/cve/CVE-2017-7792/ |
| CVE | SUSE CVE CVE-2017-7798 page | https://www.suse.com/security/cve/CVE-2017-7798/ |
| CVE | SUSE CVE CVE-2017-7800 page | https://www.suse.com/security/cve/CVE-2017-7800/ |
| CVE | SUSE CVE CVE-2017-7801 page | https://www.suse.com/security/cve/CVE-2017-7801/ |
| CVE | SUSE CVE CVE-2017-7802 page | https://www.suse.com/security/cve/CVE-2017-7802/ |
| CVE | SUSE CVE CVE-2017-7803 page | https://www.suse.com/security/cve/CVE-2017-7803/ |
| CVE | SUSE CVE CVE-2017-7804 page | https://www.suse.com/security/cve/CVE-2017-7804/ |
| CVE | SUSE CVE CVE-2017-7807 page | https://www.suse.com/security/cve/CVE-2017-7807/ |

| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=4 | suse | MozillaFirefox | < 52.3.0esr-72.9.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-11&sp=3 | suse | MozillaFirefox | < 52.3.0esr-72.9.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=4 | suse | MozillaFirefox | < 52.3.0esr-72.9.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-11&sp=3 | suse | MozillaFirefox | < 52.3.0esr-72.9.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=ppc64&distro=sles-11&sp=4 | suse | MozillaFirefox | < 52.3.0esr-72.9.1 | sles-11 | ppc64 | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=ia64&distro=sles-11&sp=4 | suse | MozillaFirefox | < 52.3.0esr-72.9.1 | sles-11 | ia64 | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=4 | suse | MozillaFirefox | < 52.3.0esr-72.9.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/MozillaFirefox?arch=i586&distro=sles-11&sp=3 | suse | MozillaFirefox | < 52.3.0esr-72.9.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=4 | suse | MozillaFirefox-translations | < 52.3.0esr-72.9.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=x86_64&distro=sles-11&sp=3 | suse | MozillaFirefox-translations | < 52.3.0esr-72.9.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=4 | suse | MozillaFirefox-translations | < 52.3.0esr-72.9.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=s390x&distro=sles-11&sp=3 | suse | MozillaFirefox-translations | < 52.3.0esr-72.9.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=ppc64&distro=sles-11&sp=4 | suse | MozillaFirefox-translations | < 52.3.0esr-72.9.1 | sles-11 | ppc64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=ia64&distro=sles-11&sp=4 | suse | MozillaFirefox-translations | < 52.3.0esr-72.9.1 | sles-11 | ia64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=4 | suse | MozillaFirefox-translations | < 52.3.0esr-72.9.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/MozillaFirefox-translations?arch=i586&distro=sles-11&sp=3 | suse | MozillaFirefox-translations | < 52.3.0esr-72.9.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=x86_64&distro=sles-11&sp=4 | suse | MozillaFirefox-branding-SLED | < 52-24.5.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=x86_64&distro=sles-11&sp=3 | suse | MozillaFirefox-branding-SLED | < 52-24.5.1 | sles-11 | x86_64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=s390x&distro=sles-11&sp=4 | suse | MozillaFirefox-branding-SLED | < 52-24.5.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=s390x&distro=sles-11&sp=3 | suse | MozillaFirefox-branding-SLED | < 52-24.5.1 | sles-11 | s390x | |
| Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=ppc64&distro=sles-11&sp=4 | suse | MozillaFirefox-branding-SLED | < 52-24.5.1 | sles-11 | ppc64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=ia64&distro=sles-11&sp=4 | suse | MozillaFirefox-branding-SLED | < 52-24.5.1 | sles-11 | ia64 | |
| Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=i586&distro=sles-11&sp=4 | suse | MozillaFirefox-branding-SLED | < 52-24.5.1 | sles-11 | i586 | |
| Affected | pkg:rpm/suse/MozillaFirefox-branding-SLED?arch=i586&distro=sles-11&sp=3 | suse | MozillaFirefox-branding-SLED | < 52-24.5.1 | sles-11 | i586 | |