Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 648198 (MFSA-2017-19) - <www-client/firefox{,-bin}-52.3.0: multiple vulnerabilities (CVE-2017-{7753,7779,7784,7785,7786,7787,7791,7792,7798,7800,7801,7809,7802,7803,7807})
Summary: <www-client/firefox{,-bin}-52.3.0: multiple vulnerabilities (CVE-2017-{7753,7...
Alias: MFSA-2017-19
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Whiteboard: A2 [glsa+ cve]
Depends on:
Reported: 2018-02-19 23:43 UTC by GLSAMaker/CVETool Bot
Modified: 2018-02-20 00:59 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-19 23:43:16 UTC
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-19 23:47:43 UTC
CVE-2017-7798: XUL injection in the style editor in devtools

CVE-2017-7800: Use-after-free in WebSockets during disconnection

CVE-2017-7801: Use-after-free with marquee during window resizing

CVE-2017-7809: Use-after-free while deleting attached editor DOM node

CVE-2017-7784: Use-after-free with image observers

CVE-2017-7802: Use-after-free resizing image elements

CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM

CVE-2017-7786: Buffer overflow while painting non-displayable SVG

CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements

CVE-2017-7787: Same-origin policy bypass with iframes through page reloads

CVE-2017-7807: Domain hijacking through AppCache fallback

CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID

CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts

CVE-2017-7803: CSP containing 'sandbox' improperly applied

CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2018-02-20 00:59:37 UTC
This issue was resolved and addressed in
 GLSA 201802-03 at
by GLSA coordinator Thomas Deutschmann (whissi).