[3.5] firefox-esr: Multiple vulnerabilities (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401, CVE-2017-5402, CVE-2017-5404, CVE-2017-5405, CVE-2017-5407, CVE-2017-5408, CVE-2017-5409, CVE....CVE-2017-5469)ID: oval:org.secpod.oval:def:1800751 | Date: (C)2018-03-28 (M)2023-12-07 |
Class: PATCH | Family: unix |
CVE-2017-5400: asm.js JIT-spray bypass of ASLR and DEP CVE-2017-5401: Memory Corruption when handling ErrorResult CVE-2017-5402: Use-after-free working with events in FontFace objects CVE-2017-5404: Use-after-free working with ranges in selections CVE-2017-5407: Pixel and history stealing via floating-point timing side channel with SVG filters CVE-2017-5410: Memory corruption during JavaScript garbage collection incremental sweeping CVE-2017-5409: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service CVE-2017-5408: Cross-origin reading of video captions in violation of CORS CVE-2017-5405: FTP response codes can cause use of uninitialized values for ports CVE-2017-5398: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 Fixed in Firefox ESR 45.8 Reference CVE-2017-5429: Memory safety bugs CVE-2017-5432: Use-after-free in text input selection CVE-2017-5433: Use-after-free in SMIL animation functions CVE-2017-5434: Use-after-free during focus handling CVE-2017-5435: Use-after-free during transaction processing in the editor CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 CVE-2017-5437: Vulnerabilities in Libevent library CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing CVE-2017-5439: Use-after-free in nsTArray Length during XSLT processing CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing CVE-2017-5441: Use-after-free with selection during scroll events CVE-2017-5442: Use-after-free during style changes CVE-2017-5443: Out-of-bounds write during BinHex decoding CVE-2017-5444: Buffer overflow while parsing application/ content CVE-2017-5445: Uninitialized values used while parsing application/ content CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data CVE-2017-5447: Out-of-bounds read during glyph processing CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor CVE-2017-5459: Buffer overflow in WebGL CVE-2017-5460: Use-after-free in frame selection CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS CVE-2017-5462: DRBG flaw in NSS CVE-2017-5464: Memory corruption with accessibility and DOM manipulation CVE-2017-5465: Out-of-bounds read in ConvolvePixel CVE-2017-5469: Potential Buffer overflow in flex-generated code Fixed in: Firefox ESR 45.9 Reference:
Platform: |
Alpine Linux 3.5 |