Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Mozilla Firefox
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mozilla Firefox
ID: openSUSE-SU-2017:0358-1
Distribution: SUSE
Plattformen: openSUSE Leap 42.1, openSUSE Leap 42.2
Datum: Do, 2. Februar 2017, 06:50
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5385
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5379
Applikationen: Mozilla Firefox

Originalnachricht

 
   openSUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0358-1
Rating:             important
References:         #1017174 #1021814 #1021817 #1021818 #1021819 
                    #1021820 #1021821 #1021822 #1021823 #1021824 
                    #1021826 #1021827 #1021828 #1021830 #1021831 
                    #1021832 #1021833 #1021835 #1021837 #1021839 
                    #1021840 #1021841 
Cross-References:   CVE-2017-5373 CVE-2017-5374 CVE-2017-5375
                    CVE-2017-5376 CVE-2017-5377 CVE-2017-5378
                    CVE-2017-5379 CVE-2017-5380 CVE-2017-5381
                    CVE-2017-5382 CVE-2017-5383 CVE-2017-5384
                    CVE-2017-5385 CVE-2017-5386 CVE-2017-5387
                    CVE-2017-5388 CVE-2017-5389 CVE-2017-5390
                    CVE-2017-5391 CVE-2017-5392 CVE-2017-5393
                    CVE-2017-5394 CVE-2017-5395 CVE-2017-5396
                   
Affected Products:
                    openSUSE Leap 42.2
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that fixes 24 vulnerabilities is now available.

Description:

   This update for MozillaFirefox to version 51.0.1 fixes security issues and
   bugs.

   These security issues were fixed:

   * CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and
     DEP (bmo#1325200, boo#1021814)
   * CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)
     CVE-2017-5377: Memory corruption with transforms to create gradients in
     Skia (bmo#1306883, boo#1021826)
   * CVE-2017-5378: Pointer and frame data leakage of Javascript objects
     (bmo#1312001, bmo#1330769, boo#1021818)
   * CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)
   * CVE-2017-5380: Potential use-after-free during DOM manipulations
     (bmo#1322107, boo#1021819)
   * CVE-2017-5390: Insecure communication methods in Developer Tools JSON
     viewer (bmo#1297361, boo#1021820)
   * CVE-2017-5389: WebExtensions can install additional add-ons via modified
     host requests (bmo#1308688, boo#1021828)
   * CVE-2017-5396: Use-after-free with Media Decoder (bmo#1329403,
     boo#1021821)
   * CVE-2017-5381: Certificate Viewer exporting can be used to navigate and
     save to arbitrary filesystem locations (bmo#1017616, boo#1021830)
   * CVE-2017-5382: Feed preview can expose privileged content errors and
     exceptions (bmo#1295322, boo#1021831)
   * CVE-2017-5383: Location bar spoofing with unicode characters
     (bmo#1323338, bmo#1324716, boo#1021822)
   * CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
     (bmo#1255474, boo#1021832)
   * CVE-2017-5385: Data sent in multipart channels ignores referrer-policy
     response headers (bmo#1295945, boo#1021833)
   * CVE-2017-5386: WebExtensions can use data: protocol to affect other
     extensions (bmo#1319070, boo#1021823)
   * CVE-2017-5391: Content about: pages can load privileged about: pages
     (bmo#1309310, boo#1021835)
   * CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for
     mozAddonManager (bmo#1309282, boo#1021837)
   * CVE-2017-5387: Disclosure of local file existence through TRACK tag
     error messages (bmo#1295023, boo#1021839)
   * CVE-2017-5388: WebRTC can be used to generate a large amount of UDP
     traffic for DDOS attacks (bmo#1281482, boo#1021840)
   * CVE-2017-5374: Memory safety bugs (boo#1021841)
   * CVE-2017-5373: Memory safety bugs (boo#1021824)

   These non-security issues in MozillaFirefox were fixed:

   * Added support for FLAC (Free Lossless Audio Codec) playback
   * Added support for WebGL 2
   * Added Georgian (ka) and Kabyle (kab) locales
   * Support saving passwords for forms without 'submit' events
   * Improved video performance for users without GPU acceleration
   * Zoom indicator is shown in the URL bar if the zoom level is not at
     default level
   * View passwords from the prompt before saving them
   * Remove Belarusian (be) locale
   * Use Skia for content rendering (Linux)
   * Improve recognition of LANGUAGE env variable (boo#1017174)
   * Multiprocess incompatibility did not correctly register with some
     add-ons (bmo#1333423)


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-187=1

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2017-187=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.2 (i586 x86_64):

      MozillaFirefox-51.0.1-50.2
      MozillaFirefox-branding-upstream-51.0.1-50.2
      MozillaFirefox-buildsymbols-51.0.1-50.2
      MozillaFirefox-debuginfo-51.0.1-50.2
      MozillaFirefox-debugsource-51.0.1-50.2
      MozillaFirefox-devel-51.0.1-50.2
      MozillaFirefox-translations-common-51.0.1-50.2
      MozillaFirefox-translations-other-51.0.1-50.2

   - openSUSE Leap 42.1 (x86_64):

      MozillaFirefox-51.0.1-50.2
      MozillaFirefox-branding-upstream-51.0.1-50.2
      MozillaFirefox-buildsymbols-51.0.1-50.2
      MozillaFirefox-debuginfo-51.0.1-50.2
      MozillaFirefox-debugsource-51.0.1-50.2
      MozillaFirefox-devel-51.0.1-50.2
      MozillaFirefox-translations-common-51.0.1-50.2
      MozillaFirefox-translations-other-51.0.1-50.2


References:

   https://www.suse.com/security/cve/CVE-2017-5373.html
   https://www.suse.com/security/cve/CVE-2017-5374.html
   https://www.suse.com/security/cve/CVE-2017-5375.html
   https://www.suse.com/security/cve/CVE-2017-5376.html
   https://www.suse.com/security/cve/CVE-2017-5377.html
   https://www.suse.com/security/cve/CVE-2017-5378.html
   https://www.suse.com/security/cve/CVE-2017-5379.html
   https://www.suse.com/security/cve/CVE-2017-5380.html
   https://www.suse.com/security/cve/CVE-2017-5381.html
   https://www.suse.com/security/cve/CVE-2017-5382.html
   https://www.suse.com/security/cve/CVE-2017-5383.html
   https://www.suse.com/security/cve/CVE-2017-5384.html
   https://www.suse.com/security/cve/CVE-2017-5385.html
   https://www.suse.com/security/cve/CVE-2017-5386.html
   https://www.suse.com/security/cve/CVE-2017-5387.html
   https://www.suse.com/security/cve/CVE-2017-5388.html
   https://www.suse.com/security/cve/CVE-2017-5389.html
   https://www.suse.com/security/cve/CVE-2017-5390.html
   https://www.suse.com/security/cve/CVE-2017-5391.html
   https://www.suse.com/security/cve/CVE-2017-5392.html
   https://www.suse.com/security/cve/CVE-2017-5393.html
   https://www.suse.com/security/cve/CVE-2017-5394.html
   https://www.suse.com/security/cve/CVE-2017-5395.html
   https://www.suse.com/security/cve/CVE-2017-5396.html
   https://bugzilla.suse.com/1017174
   https://bugzilla.suse.com/1021814
   https://bugzilla.suse.com/1021817
   https://bugzilla.suse.com/1021818
   https://bugzilla.suse.com/1021819
   https://bugzilla.suse.com/1021820
   https://bugzilla.suse.com/1021821
   https://bugzilla.suse.com/1021822
   https://bugzilla.suse.com/1021823
   https://bugzilla.suse.com/1021824
   https://bugzilla.suse.com/1021826
   https://bugzilla.suse.com/1021827
   https://bugzilla.suse.com/1021828
   https://bugzilla.suse.com/1021830
   https://bugzilla.suse.com/1021831
   https://bugzilla.suse.com/1021832
   https://bugzilla.suse.com/1021833
   https://bugzilla.suse.com/1021835
   https://bugzilla.suse.com/1021837
   https://bugzilla.suse.com/1021839
   https://bugzilla.suse.com/1021840
   https://bugzilla.suse.com/1021841

-- 
To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung