Univention Bugzilla – Bug 45611
firefox-esr: Multiple Issues (4.2)
Last modified: 2018-01-31 16:58:19 CET
Upstream Debian package version 52.4.0esr-1~deb8u1 fixes:
* Use-after-free with Fetch API (CVE-2017-7793)
* Use-after-free in TLS 1.2 generating handshake hashes (CVE-2017-7805)
* Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 (CVE-2017-7810)
* Blob and data URLs bypass phishing and malware protection warnings (CVE-2017-7814)
* Use-after-free during ARIA array manipulation (CVE-2017-7818)
* Use-after-free while resizing images in design mode (CVE-2017-7819)
* CSP sandbox directive did not create a unique origin (CVE-2017-7823)
* Buffer overflow when drawing and validating elements with ANGLE (CVE-2017-7824)
Upstream Debian package version 52.5.0esr-1~deb8u1 fixes:
* Use-after-free of PresShell while restyling layout (CVE-2017-7828)
* Cross-origin URL information leak through Resource Timing API (CVE-2017-7830)
* Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5 (CVE-2017-7826)
Upstream Debian package version 52.5.2esr-1~deb8u1 fixes:
* Web worker in Private Browsing mode can write IndexedDB data (CVE-2017-7843)
Mass-import from Debian-Security:
  python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553
YAML: git:bd6159834a..449aa5a7cf
*** Bug 46170 has been marked as a duplicate of this bug. ***
firefox-esr (52.6.0esr-1~deb8u1)
* CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6 (MFSA 2018-03)
* CVE-2018-5091: Use-after-free with DTMF timers (MFSA 2018-03)
* CVE-2018-5095: Integer overflow in Skia library during edge builder allocation (MFSA 2018-03)
* CVE-2018-5096: Use-after-free while editing form elements (MFSA 2018-03)
* CVE-2018-5097: Use-after-free when source document is manipulated during XSLT (MFSA 2018-03)
* CVE-2018-5098: Use-after-free while manipulating form input elements (MFSA 2018-03)
* CVE-2018-5099: Use-after-free with widget listener (MFSA 2018-03)
* CVE-2018-5102: Use-after-free in HTML media elements (MFSA 2018-03)
* CVE-2018-5103: Use-after-free during mouse event handling (MFSA 2018-03)
* CVE-2018-5104: Use-after-free during font face manipulation (MFSA 2018-03)
* CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right (MFSA 2018-03)

3f7daf1289 Bug #46170: firefox-esr
0c94241321 Bug #45611: firefox-esr
YAML: OK
Build: OK (no patches)
Tests: OK, firefox works.
I've also created a test appliance which works as expected.
<http://errata.software-univention.de/ucs/4.2/274.html>