FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 51.0_1,1
linux-seamonkey < 2.48
seamonkey < 2.48
firefox-esr < 45.7.0,1
linux-firefox < 45.7.0,2
libxul < 45.7.0
linux-thunderbird < 45.7.0
thunderbird < 45.7.0

Details

VuXML ID e60169c4-aa86-46b0-8ae2-0d81f683df09
Discovery 2017-01-24
Entry 2017-01-24

Mozilla Foundation reports:

CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7

CVE-2017-5374: Memory safety bugs fixed in Firefox 51

CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP

CVE-2017-5376: Use-after-free in XSL

CVE-2017-5377: Memory corruption with transforms to create gradients in Skia

CVE-2017-5378: Pointer and frame data leakage of Javascript objects

CVE-2017-5379: Use-after-free in Web Animations

CVE-2017-5380: Potential use-after-free during DOM manipulations

CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations

CVE-2017-5382: Feed preview can expose privileged content errors and exceptions

CVE-2017-5383: Location bar spoofing with unicode characters

CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)

CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers

CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions

CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages

CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks

CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests

CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer

CVE-2017-5391: Content about: pages can load privileged about: pages

CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage

CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager

CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events

CVE-2017-5395: Android location bar spoofing during scrolling

CVE-2017-5396: Use-after-free with Media Decoder

References

CVE Name CVE-2017-5373
CVE Name CVE-2017-5374
CVE Name CVE-2017-5375
CVE Name CVE-2017-5376
CVE Name CVE-2017-5377
CVE Name CVE-2017-5378
CVE Name CVE-2017-5379
CVE Name CVE-2017-5380
CVE Name CVE-2017-5381
CVE Name CVE-2017-5382
CVE Name CVE-2017-5383
CVE Name CVE-2017-5384
CVE Name CVE-2017-5385
CVE Name CVE-2017-5386
CVE Name CVE-2017-5387
CVE Name CVE-2017-5388
CVE Name CVE-2017-5389
CVE Name CVE-2017-5390
CVE Name CVE-2017-5391
CVE Name CVE-2017-5392
CVE Name CVE-2017-5393
CVE Name CVE-2017-5394
CVE Name CVE-2017-5395
CVE Name CVE-2017-5396
URL https://www.mozilla.org/security/advisories/mfsa2017-01/
URL https://www.mozilla.org/security/advisories/mfsa2017-02/