1 ------------------------------------------------------------------- |
1 ------------------------------------------------------------------- |
2 Mon Apr 17 07:05:43 UTC 2017 - wr@rosenauer.org |
2 Wed Apr 12 21:43:16 UTC 2017 - wr@rosenauer.org |
3 |
3 |
4 - update to Firefox 52.1.0esr |
4 - update to Firefox 52.1.0esr (boo#1035082) |
|
5 MFSA 2017-12 |
|
6 * CVE-2017-5443 (bmo#1342661) |
|
7 Out-of-bounds write during BinHex decoding |
|
8 * CVE-2017-5429 (bmo#1341096, bmo#1342823, bmo#1343261, bmo#1348894, |
|
9 bmo#1348941, bmo#1349340, bmo#1350844, bmo#1352926, bmo#1353088) |
|
10 Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and |
|
11 Firefox ESR 52.1 |
|
12 * CVE-2017-5464 (bmo#1347075) |
|
13 Memory corruption with accessibility and DOM manipulation |
|
14 * CVE-2017-5465 (bmo#1347617) |
|
15 Out-of-bounds read in ConvolvePixel |
|
16 * CVE-2017-5466 (bmo#1353975) |
|
17 Origin confusion when reloading isolated data:text/html URL |
|
18 * CVE-2017-5467 (bmo#1347262) |
|
19 Memory corruption when drawing Skia content |
|
20 * CVE-2017-5460 (bmo#1343642) |
|
21 Use-after-free in frame selection |
|
22 * CVE-2017-5461 (bmo#1344380) |
|
23 Out-of-bounds write in Base64 encoding in NSS |
|
24 * CVE-2017-5448 (bmo#1346648) |
|
25 Out-of-bounds write in ClearKeyDecryptor |
|
26 * CVE-2017-5449 (bmo#1340127) |
|
27 Crash during bidirectional unicode manipulation with animation |
|
28 * CVE-2017-5446 (bmo#1343505) |
|
29 Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data |
|
30 * CVE-2017-5447 (bmo#1343552) |
|
31 Out-of-bounds read during glyph processing |
|
32 * CVE-2017-5444 (bmo#1344461) |
|
33 Buffer overflow while parsing application/http-index-format content |
|
34 * CVE-2017-5445 (bmo#1344467) |
|
35 Uninitialized values used while parsing application/http-index-format |
|
36 content |
|
37 * CVE-2017-5442 (bmo#1347979) |
|
38 Use-after-free during style changes |
|
39 * CVE-2017-5469 (bmo#1292534) |
|
40 Potential Buffer overflow in flex-generated code |
|
41 * CVE-2017-5440 (bmo#1336832) |
|
42 Use-after-free in txExecutionState destructor during XSLT processing |
|
43 * CVE-2017-5441 (bmo#1343795) |
|
44 Use-after-free with selection during scroll events |
|
45 * CVE-2017-5439 (bmo#1336830) |
|
46 Use-after-free in nsTArray Length() during XSLT processing |
|
47 * CVE-2017-5438 (bmo#1336828) |
|
48 Use-after-free in nsAutoPtr during XSLT processing |
|
49 * CVE-2017-5437 (bmo#1343453) |
|
50 Vulnerabilities in Libevent library |
|
51 * CVE-2017-5436 (bmo#1345461) |
|
52 Out-of-bounds write with malicious font in Graphite 2 |
|
53 * CVE-2017-5435 (bmo#1350683) |
|
54 Use-after-free during transaction processing in the editor |
|
55 * CVE-2017-5434 (bmo#1349946) |
|
56 Use-after-free during focus handling |
|
57 * CVE-2017-5433 (bmo#1347168) |
|
58 Use-after-free in SMIL animation functions |
|
59 * CVE-2017-5432 (bmo#1346654) |
|
60 Use-after-free in text input selection |
|
61 * CVE-2017-5430 (bmo#1329796, bmo#1337418, bmo#1339722, bmo#1340482, |
|
62 bmo#1342101, bmo#1344081, bmo#1344305, bmo#1344686, bmo#1346140, |
|
63 bmo#1346419, bmo#1348143, bmo#1349621, bmo#1349719, bmo#1353476) |
|
64 Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 |
|
65 * CVE-2017-5459 (bmo#1333858) |
|
66 Buffer overflow in WebGL |
|
67 * CVE-2017-5462 (bmo#1345089) |
|
68 DRBG flaw in NSS |
|
69 * CVE-2017-5455 (bmo#1341191) |
|
70 Sandbox escape through internal feed reader APIs |
|
71 * CVE-2017-5454 (bmo#1349276) |
|
72 Sandbox escape allowing file system read access through file |
|
73 picker |
|
74 * CVE-2017-5456 (bmo#1344415) |
|
75 Sandbox escape allowing local file system access |
|
76 * CVE-2017-5451 (bmo#1273537) |
|
77 Addressbar spoofing with onblur event |
5 - requires NSS 3.28.4 |
78 - requires NSS 3.28.4 |
6 - rebased patches |
79 - rebased patches |
7 |
80 |
8 ------------------------------------------------------------------- |
81 ------------------------------------------------------------------- |
9 Mon Apr 3 06:29:43 UTC 2017 - wr@rosenauer.org |
82 Mon Apr 3 06:29:43 UTC 2017 - wr@rosenauer.org |