
Bug 648198 (MFSA-2017-19)

Summary: <www-client/firefox{,-bin}-52.3.0: multiple vulnerabilities (CVE-2017-{7753,7779,7784,7785,7786,7787,7791,7792,7798,7800,7801,7809,7802,7803,7807})
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/
See Also: https://bugs.gentoo.org/show_bug.cgi?id=627376
Whiteboard: A2 [glsa+ cve]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-19 23:43:16 UTC
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-19 23:47:43 UTC
CVE-2017-7798: XUL injection in the style editor in devtools

CVE-2017-7800: Use-after-free in WebSockets during disconnection

CVE-2017-7801: Use-after-free with marquee during window resizing

CVE-2017-7809: Use-after-free while deleting attached editor DOM node

CVE-2017-7784: Use-after-free with image observers

CVE-2017-7802: Use-after-free resizing image elements

CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM

CVE-2017-7786: Buffer overflow while painting non-displayable SVG

CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements

CVE-2017-7787: Same-origin policy bypass with iframes through page reloads

CVE-2017-7807: Domain hijacking through AppCache fallback

CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID

CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts

CVE-2017-7803: CSP containing 'sandbox' improperly applied

CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2018-02-20 00:59:37 UTC
This issue was resolved and addressed in
 GLSA 201802-03 at https://security.gentoo.org/glsa/201802-03
by GLSA coordinator Thomas Deutschmann (whissi).