Summary: | <www-client/firefox{,-bin}-52.3.0: multiple vulnerabilities (CVE-2017-{7753,7779,7784,7785,7786,7787,7791,7792,7798,7800,7801,7809,7802,7803,7807}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mozilla.org/en-US/security/advisories/mfsa2017-19/ | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=627376 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
CVE-2017-7798: XUL injection in the style editor in devtools
CVE-2017-7800: Use-after-free in WebSockets during disconnection
CVE-2017-7801: Use-after-free with marquee during window resizing
CVE-2017-7809: Use-after-free while deleting attached editor DOM node
CVE-2017-7784: Use-after-free with image observers
CVE-2017-7802: Use-after-free resizing image elements
CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
CVE-2017-7786: Buffer overflow while painting non-displayable SVG
CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
CVE-2017-7807: Domain hijacking through AppCache fallback
CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
CVE-2017-7803: CSP containing 'sandbox' improperly applied
CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

This issue was resolved and addressed in GLSA 201802-03 at https://security.gentoo.org/glsa/201802-03 by GLSA coordinator Thomas Deutschmann (whissi).