FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 53.0_2,1
linux-seamonkey < 2.50
seamonkey < 2.50
46.0,1 <= firefox-esr < 52.1.0_2,1
firefox-esr < 45.9.0,1
46.0,2 <= linux-firefox < 52.1.0,2
linux-firefox < 45.9.0,2
46.0 <= libxul < 52.1.0
libxul < 45.9.0
46.0 <= linux-thunderbird < 52.1.0
linux-thunderbird < 45.9.0
46.0 <= thunderbird < 52.1.0
thunderbird < 45.9.0

Details

VuXML ID 5e0a038a-ca30-416d-a2f5-38cbf5e7df33
Discovery 2017-04-19
Entry 2017-04-19

Mozilla Foundation reports:

CVE-2017-5433: Use-after-free in SMIL animation functions

CVE-2017-5435: Use-after-free during transaction processing in the editor

CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2

CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS

CVE-2017-5459: Buffer overflow in WebGL

CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL

CVE-2017-5434: Use-after-free during focus handling

CVE-2017-5432: Use-after-free in text input selection

CVE-2017-5460: Use-after-free in frame selection

CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing

CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing

CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing

CVE-2017-5441: Use-after-free with selection during scroll events

CVE-2017-5442: Use-after-free during style changes

CVE-2017-5464: Memory corruption with accessibility and DOM manipulation

CVE-2017-5443: Out-of-bounds write during BinHex decoding

CVE-2017-5444: Buffer overflow while parsing application/http-index-format content

CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data

CVE-2017-5447: Out-of-bounds read during glyph processing

CVE-2017-5465: Out-of-bounds read in ConvolvePixel

CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor

CVE-2017-5437: Vulnerabilities in Libevent library

CVE-2017-5454: Sandbox escape allowing file system read access through file picker

CVE-2017-5455: Sandbox escape through internal feed reader APIs

CVE-2017-5456: Sandbox escape allowing local file system access

CVE-2017-5469: Potential Buffer overflow in flex-generated code

CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content

CVE-2017-5449: Crash during bidirectional unicode manipulation with animation

CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android

CVE-2017-5451: Addressbar spoofing with onblur event

CVE-2017-5462: DRBG flaw in NSS

CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android

CVE-2017-5467: Memory corruption when drawing Skia content

CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android

CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element

CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS

CVE-2017-5468: Incorrect ownership model for Private Browsing information

CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1

CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

References

CVE Name CVE-2017-5429
CVE Name CVE-2017-5430
CVE Name CVE-2017-5432
CVE Name CVE-2017-5433
CVE Name CVE-2017-5434
CVE Name CVE-2017-5435
CVE Name CVE-2017-5436
CVE Name CVE-2017-5437
CVE Name CVE-2017-5438
CVE Name CVE-2017-5439
CVE Name CVE-2017-5440
CVE Name CVE-2017-5441
CVE Name CVE-2017-5442
CVE Name CVE-2017-5443
CVE Name CVE-2017-5444
CVE Name CVE-2017-5445
CVE Name CVE-2017-5446
CVE Name CVE-2017-5447
CVE Name CVE-2017-5448
CVE Name CVE-2017-5449
CVE Name CVE-2017-5450
CVE Name CVE-2017-5451
CVE Name CVE-2017-5452
CVE Name CVE-2017-5453
CVE Name CVE-2017-5454
CVE Name CVE-2017-5455
CVE Name CVE-2017-5456
CVE Name CVE-2017-5458
CVE Name CVE-2017-5459
CVE Name CVE-2017-5460
CVE Name CVE-2017-5461
CVE Name CVE-2017-5462
CVE Name CVE-2017-5463
CVE Name CVE-2017-5464
CVE Name CVE-2017-5465
CVE Name CVE-2017-5466
CVE Name CVE-2017-5467
CVE Name CVE-2017-5468
CVE Name CVE-2017-5469
URL https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/
URL https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/
URL https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/