| Beschreibung: | Summary:
The remote host is missing an update for the 'Mozilla'
package(s) announced via the referenced advisory.
Vulnerability Insight:
Mozilla Firefox was updated to Firefox 52.1.0esr.
The following vulnerabilities were fixed (bsc#1035082):
- CVE-2017-5443: Out-of-bounds write during BinHex decoding
- CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9,
and Firefox ESR 52.1
- CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
- CVE-2017-5465: Out-of-bounds read in ConvolvePixel
- CVE-2017-5466: Origin confusion when reloading isolated data:text/html
URL
- CVE-2017-5467: Memory corruption when drawing Skia content
- CVE-2017-5460: Use-after-free in frame selection
- CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
- CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
- CVE-2017-5449: Crash during bidirectional unicode manipulation with
animation
- CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with
incorrect data
- CVE-2017-5447: Out-of-bounds read during glyph processing
- CVE-2017-5444: Buffer overflow while parsing
application/http-index-format content
The package is now following the ESR 52 branch:
- Enable plugin support by default
- service workers are disabled by default
- push notifications are disabled by default
- WebAssembly (wasm) is disabled
- Less use of multiprocess architecture Electrolysis (e10s)
Affected Software/OS:
Mozilla on openSUSE Leap 42.2, openSUSE Leap 42.1
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
