Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

openSUSE 42.2 & 42.1 Important: MozillaFirefox ASLR Issues

opensuse
Calendar Grey February 2, 2017
Dist Opensuse Esm H88
Crucial announcement for MozillaFirefox addressing 24 vulnerabilities in openSUSE. Key patch information provided.
An update that fixes 24 vulnerabilities is now available

Description

This update for MozillaFirefox to version 51.0.1 fixes security issues and

bugs.

These security issues were fixed:

* CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and

DEP (bmo#1325200, boo#1021814)

* CVE-2017-5376: Use-after-free in XSL (bmo#1311687, boo#1021817)

CVE-2017-5377: Memory corruption with transforms to create gradients in

Skia (bmo#1306883, boo#1021826)

* CVE-2017-5378: Pointer and frame data leakage of Javascript objects

(bmo#1312001, bmo#1330769, boo#1021818)

* CVE-2017-5379: Use-after-free in Web Animations (bmo#1309198,boo#1021827)

* CVE-2017-5380: Potential use-after-free during DOM manipulations

(bmo#1322107, boo#1021819)

* CVE-2017-5390: Insecure communication methods in Developer Tools JSON

viewer (bmo#1297361, boo#1021820)

* CVE-2017-5389: WebExtensions can install additional add-ons via modified

host requests (bmo#1308688, boo#1021828)

* CVE-2017-5396: Use-after-free with...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-187=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-187=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE Leap 42.2 (i586 x86_64):

MozillaFirefox-51.0.1-50.2

MozillaFirefox-branding-upstream-51.0.1-50.2

MozillaFirefox-buildsymbols-51.0.1-50.2

MozillaFirefox-debuginfo-51.0.1-50.2

MozillaFirefox-debugsource-51.0.1-50.2

MozillaFirefox-devel-51.0.1-50.2

MozillaFirefox-translations-common-51.0.1-50.2

MozillaFirefox-translations-other-51.0.1-50.2

- openSUSE Leap 42.1 (x86_64):

MozillaFirefox-51.0.1-50.2

MozillaFirefox-branding-upstream-51.0.1-50.2

MozillaFirefox-buildsymbols-51.0.1-50.2

MozillaFirefox-debuginfo-51.0.1-50.2

MozillaFirefox-debugsource-51.0.1-50.2

MozillaFirefox-devel-51.0.1-50.2

MozillaFirefox-translations-common-51.0.1-50.2

MozillaFirefox-translations-other-51.0.1-50.2

References

https://www.suse.com/security/cve/CVE-2017-5373.html

https://www.suse.com/security/cve/CVE-2017-5374.html

https://www.suse.com/security/cve/CVE-2017-5375.html

https://www.suse.com/security/cve/CVE-2017-5376.html

https://www.suse.com/security/cve/CVE-2017-5377.html

https://www.suse.com/security/cve/CVE-2017-5378.html

https://www.suse.com/security/cve/CVE-2017-5379.html

https://www.suse.com/security/cve/CVE-2017-5380.html

https://www.suse.com/security/cve/CVE-2017-5381.html

https://www.suse.com/security/cve/CVE-2017-5382.html

https://www.suse.com/security/cve/CVE-2017-5383.html

https://www.suse.com/security/cve/CVE-2017-5384.html

https://www.suse.com/security/cve/CVE-2017-5385.html

https://www.suse.com/security/cve/CVE-2017-5386.html

https://www.suse.com/security/cve/CVE-2017-5387.html

https://www.suse.com/security/cve/CVE-2017-5388.html

https://www.suse.com/security/cve/CVE-2017-5389.html

https://www.suse.com/security/cve/CVE-2017-5390.html

https://www.suse.com/security/cve/CVE-2017-5391.html

https://www....

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:0358-1
Rating: important
Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.