openSUSE Leap 42.2 Security Advisory SU-2017:1620-1 Important Mozilla Fix
opensuse
June 20, 2017
An update that fixes 26 vulnerabilities is now available
Description
This update for Mozilla Firefox, Thunderbird, and NSS fixes the following
issues:
Mozilla Firefox was updated to 52.2esr (boo#1043960) MFSA 2017-16:
* CVE-2017-5472 (bmo#1365602) Use-after-free using destroyed node when
regenerating trees
* CVE-2017-7749 (bmo#1355039) Use-after-free during docshell reloading
* CVE-2017-7750 (bmo#1356558) Use-after-free with track elements
* CVE-2017-7751 (bmo#1363396) Use-after-free with content viewer listeners * CVE-2017-7752 (bmo#1359547) Use-after-free with IME input
* CVE-2017-7754 (bmo#1357090) Out-of-bounds read in WebGL with ImageInfo
object
* CVE-2017-7755 (bmo#1361326) Privilege escalation through Firefox
Installer with same directory DLL files (Windows only)
* CVE-2017-7756 (bmo#1366595) Use-after-free and use-after-scope logging
XHR header errors * CVE-2017-7757 (bmo#1356824) Use-after-free in IndexedDB
* CVE-2017-7778, CVE-2017-7778, CVE-2017-7771, CVE-2017-7772,
...
Read the Full Advisory
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.2:
zypper in -t patch openSUSE-2017-712=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.2 (i586 x86_64):
MozillaFirefox-52.2-57.12.2
MozillaFirefox-branding-upstream-52.2-57.12.2
MozillaFirefox-buildsymbols-52.2-57.12.2
MozillaFirefox-debuginfo-52.2-57.12.2
MozillaFirefox-debugsource-52.2-57.12.2
MozillaFirefox-devel-52.2-57.12.2
MozillaFirefox-translations-common-52.2-57.12.2
MozillaFirefox-translations-other-52.2-57.12.2
MozillaThunderbird-52.2-41.9.2
MozillaThunderbird-buildsymbols-52.2-41.9.2
MozillaThunderbird-debuginfo-52.2-41.9.2
MozillaThunderbird-debugsource-52.2-41.9.2
MozillaThunderbird-devel-52.2-41.9.2
MozillaThunderbird-translations-common-52.2-41.9.2
MozillaThunderbird-translations-other-52.2-41.9.2
java-1_8_0-openjdk-1.8.0.131-10.10.3
java-1_8_0-openjdk-accessibility-1.8.0.131-10.10.3
java-1_8_0-openjdk-debuginfo-1.8.0.131-10.10.3
java-1_8_0-openjdk-debugsource-1.8.0.131-10.10.3
java-1_8_0-openjdk-demo-1.8.0.131-10.10.3
java-1_8_0-openjdk-demo-debuginfo-1.8.0.131-10.10.3
java-1_8_0-openjdk-devel-1.8.0.131-10.10.3
java-1_8_0-openjdk-devel-debuginfo-1.8.0.131-10...
Read the Full AdvisoryReferences
https://www.suse.com/security/cve/CVE-2017-5470.html
https://www.suse.com/security/cve/CVE-2017-5472.html
https://www.suse.com/security/cve/CVE-2017-7749.html
https://www.suse.com/security/cve/CVE-2017-7750.html
https://www.suse.com/security/cve/CVE-2017-7751.html
https://www.suse.com/security/cve/CVE-2017-7752.html
https://www.suse.com/security/cve/CVE-2017-7754.html
https://www.suse.com/security/cve/CVE-2017-7755.html
https://www.suse.com/security/cve/CVE-2017-7756.html
https://www.suse.com/security/cve/CVE-2017-7757.html
https://www.suse.com/security/cve/CVE-2017-7758.html
https://www.suse.com/security/cve/CVE-2017-7760.html
https://www.suse.com/security/cve/CVE-2017-7761.html
https://www.suse.com/security/cve/CVE-2017-7764.html
https://www.suse.com/security/cve/CVE-2017-7765.html
https://www.suse.com/security/cve/CVE-2017-7766.html
https://www.suse.com/security/cve/CVE-2017-7767.html
https://www.suse.com/security/cve/CVE-2017-7768.html
https://www.suse.com/security/cve/CVE-2017-7771.html
https://www....
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2017:1620-1
Rating: important
Affected Products:
openSUSE Leap 42.2
.
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!