Univention Bugzilla – Bug 44858
firefox-esr: Security issues from 45.9.0esr..52.3.0esr (4.2)
Last modified: 2017-08-16 12:44:24 CEST
Upstream Debian package version 52.2.0esr-1~deb7u1 fixes all of the following:

Firefox ESR 52.0.1 fixes the following issue:
* CVE-2017-5428: integer overflow in createImageBitmap()

Firefox ESR 52.1 fixes the following issues:
* CVE-2017-5433: Use-after-free in SMIL animation functions
* CVE-2017-5435: Use-after-free during transaction processing in the editor
* CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
* CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
* CVE-2017-5459: Buffer overflow in WebGL
* CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
* CVE-2017-5434: Use-after-free during focus handling
* CVE-2017-5432: Use-after-free in text input selection
* CVE-2017-5460: Use-after-free in frame selection
* CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
* CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
* CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
* CVE-2017-5441: Use-after-free with selection during scroll events
* CVE-2017-5442: Use-after-free during style changes
* CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
* CVE-2017-5443: Out-of-bounds write during BinHex decoding
* CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
* CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
* CVE-2017-5447: Out-of-bounds read during glyph processing
* CVE-2017-5465: Out-of-bounds read in ConvolvePixel
* CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
* CVE-2016-10196: Vulnerabilities in Libevent library
* CVE-2017-5454: Sandbox escape allowing file system read access through file picker
* CVE-2017-5455: Sandbox escape through internal feed reader APIs
* CVE-2017-5456: Sandbox escape allowing local file system access
* CVE-2017-5469: Potential Buffer overflow in flex-generated code
* CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
* CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
* CVE-2017-5451: Addressbar spoofing with onblur event
* CVE-2017-5462: DRBG flaw in NSS
* CVE-2017-5467: Memory corruption when drawing Skia content
* CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
* CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

Firefox ESR 52.1.1 fixes the following issue:
* CVE-2017-5031: Use after free in ANGLE

Firefox ESR 52.2 fixes the following issues:
* CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
* CVE-2017-7749: Use-after-free during docshell reloading
* CVE-2017-7750: Use-after-free with track elements
* CVE-2017-7751: Use-after-free with content viewer listeners
* CVE-2017-7752: Use-after-free with IME input
* CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
* CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files
* CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
* CVE-2017-7757: Use-after-free in IndexedDB
* CVE-2017-7778: Vulnerabilities in the Graphite 2 library
* CVE-2017-7758: Out-of-bounds read in Opus encoder
* CVE-2017-7760: File manipulation and privilege escalation via callback parameter in Mozilla Windows Updater and Maintenance Service
* CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application
* CVE-2017-7763: Mac fonts render some unicode characters as spaces
* CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks
* CVE-2017-7765: Mark of the Web bypass when saving executable files
* CVE-2017-7766: File execution and privilege escalation through updater.ini, Mozilla Windows Updater, and Mozilla Maintenance Service
* CVE-2017-7767: Privilege escalation and arbitrary file overwrites through Mozilla Windows Updater and Mozilla Maintenance Service
* CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
* CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2
Upstream Debian package version 52.3.0esr-1~deb8u1 fixes all of the following:
* Out-of-bounds read with cached style data and pseudo-elements (CVE-2017-7753)
* Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3 (CVE-2017-7779)
* Use-after-free with image observers (CVE-2017-7784)
* Buffer overflow manipulating ARIA attributes in DOM (CVE-2017-7785)
* Buffer overflow while painting non-displayable SVG (CVE-2017-7786)
* Same-origin policy bypass with iframes through page reloads (CVE-2017-7787)
* Spoofing following page navigation with data: protocol and modal alerts (CVE-2017-7791)
* Buffer overflow viewing certificates with an extremely long OID (CVE-2017-7792)
* XUL injection in the style editor in devtools (CVE-2017-7798)
* Use-after-free in WebSockets during disconnection (CVE-2017-7800)
* Use-after-free with marquee during window resizing (CVE-2017-7801)
* Use-after-free resizing image elements (CVE-2017-7802)
* CSP containing 'sandbox' improperly applied (CVE-2017-7803)
* Domain hijacking through AppCache fallback (CVE-2017-7807)
* Use-after-free while deleting attached editor DOM node (CVE-2017-7809)
I've imported Debian upstream binary package 52.2.0esr-1~deb8u1 via
=========================================================================
debian_package="firefox-esr"
svn_checkout=~/svn/dev/branches
repong_checkout="$svn_checkout/ucs-3.2/internal/repo-ng"
errata_checkout="$svn_checkout/ucs-4.2/ucs-4.2-1/doc/errata"
svn up "$repong_checkout"
svn up "$errata_checkout"
mkdir -p "/tmp/$USER"
python -m univention.repong.debmirror \
    --errata "$errata_checkout" \
    --sql -vvvv --work "/tmp/$USER/work.yaml" \
    --overwrite \
    "$repong_checkout/mirror/update_ucs42_mirror_from_debian.tsv" \
    --save="/tmp/$USER/repo-debmirror.pickle" \
    --process COPY \
    --package "$debian_package"
=========================================================================

Advisory: ucs-4.2-1/doc/errata/staging/firefox-esr.yaml
Reopen: comment 1 mentions 52.3.0esr-1~deb8u1, but the imported version is 52.2.0esr-1~deb8u1.
The yaml, however, mentions the fixes from the 52.3 version.
Ok, firefox-esr has a new dependency on libjsoncpp0, which was unmaintained. I've added it to svn/triggers/ucs_4.2-0-ucs4.2-1.txt and rebuilt the maintained packages lists using the corresponding Jenkins job.

For QA I've announced the scope to the test repo. In a test VM it can be activated by running:

    eval "$(ucr shell)"
    component="repository/online/component/${version_version}-${version_patchlevel}-errata-test"
    ucr set "$component"/description="Preview errata updates for UCS ${version_version}-${version_patchlevel}" \
        "$component"/version="${version_version}" \
        "$component"/server=apt.knut.univention.de \
        "$component"=enabled

Possibly repository credentials are required too.
Additional Advisory: libjsoncpp.yaml
OK: libjsoncpp.yaml
OK: firefox-esr.yaml
OK: package installation
OK: system setup run (setup new master) with updated package

Verified
<http://errata.software-univention.de/ucs/4.2/136.html>
<http://errata.software-univention.de/ucs/4.2/137.html>