Bug 45611 - firefox-esr: Multiple Issues (4.2)
firefox-esr: Multiple Issues (4.2)
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.2
Other Linux
: P5 normal (vote)
: UCS 4.2-3-errata
Assigned To: Philipp Hahn
Stefan Gohmann
: 46170 (view as bug list)
Depends on:
  Show dependency treegraph
Reported: 2017-10-30 14:13 CET by Arvid Requate
Modified: 2018-01-31 16:58 CET (History)
1 user (show)

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score: 8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)


Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2017-10-30 14:13:30 CET
Upstream Debian package version 52.4.0esr-1~deb8u1 fixes:

* Use-after-free with Fetch API (CVE-2017-7793)
* Use-after-free in TLS 1.2 generating handshake hashes (CVE-2017-7805)
* Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 (CVE-2017-7810)
* Blob and data URLs bypass phishing and malware protection warnings (CVE-2017-7814)
* Use-after-free during ARIA array manipulation (CVE-2017-7818)
* Use-after-free while resizing images in design mode (CVE-2017-7819)
* CSP sandbox directive did not create a unique origin (CVE-2017-7823)
* Buffer overflow when drawing and validating elements with ANGLE (CVE-2017-7824)
Comment 1 Arvid Requate univentionstaff 2017-11-20 16:09:57 CET
Upstream Debian package version 52.5.0esr-1~deb8u1 fixes:

* Use-after-free of PressShell while restyling layout (CVE-2017-7828)
* Cross-origin URL information leak through Resource Timing API (CVE-2017-7830)
* Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 (CVE-2017-7826)
Comment 2 Arvid Requate univentionstaff 2017-12-11 11:48:07 CET
Upstream Debian package version 52.5.2esr-1~deb8u1 fixes:

* Web worker in Private Browsing mode can write IndexedDB data (CVE-2017-7843)
Comment 3 Philipp Hahn univentionstaff 2018-01-25 10:59:37 CET
Mass-import from Debian-Security:
  python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553

YAML: git:bd6159834a..449aa5a7cf
Comment 4 Philipp Hahn univentionstaff 2018-01-25 14:59:59 CET
*** Bug 46170 has been marked as a duplicate of this bug. ***
Comment 5 Philipp Hahn univentionstaff 2018-01-25 15:01:20 CET
firefox-esr (52.6.0esr-1~deb8u1)

* CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 (MFSA 2018-03)
* CVE-2018-5091: Use-after-free with DTMF timers (MFSA 2018-03)
* CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (MFSA 2018-03)
* CVE-2018-5096: Use-after-free while editing form elements (MFSA 2018-03)
* CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)
* CVE-2018-5098: Use-after-free while manipulating form input elements (MFSA 2018-03)
* CVE-2018-5099: Use-after-free with widget listener (MFSA 2018-03)
* CVE-2018-5102: Use-after-free in HTML media elements (MFSA 2018-03)
* CVE-2018-5103: Use-after-free during mouse event handling (MFSA 2018-03)
* CVE-2018-5104: Use-after-free during font face manipulation (MFSA 2018-03)
* CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (MFSA 2018-03)

3f7daf1289 Bug #46170: firefox-esr
0c94241321 Bug #45611: firefox-esr
Comment 6 Stefan Gohmann univentionstaff 2018-01-30 11:39:42 CET

Build: OK (no patches)

Tests: OK, firefox works. I've also created a test appliance which works like expected.
Comment 7 Arvid Requate univentionstaff 2018-01-31 16:58:19 CET