Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 541
Alerts This Week
Warning Icon 1 541

SUSE: 2017:2302-1 Important: MozillaFirefox Security Fixes Overview

suse
Calendar Grey August 30, 2017
Dist Suse Esm H88
Crucial security patch released for MozillaFirefox addresses 16 vulnerabilities in multiple SUSE offerings. Review installation instructions.
An update that fixes 16 vulnerabilities is now available

Summary

Mozilla Firefox was updated to the ESR 52.3 release (bsc#1052829) Following security issues were fixed: * MFSA 2017-19/CVE-2017-7807: Domain hijacking through AppCache fallback * MFSA 2017-19/CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts * MFSA 2017-19/CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID * MFSA 2017-19/CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections * MFSA 2017-19/CVE-2017-7787: Same-origin policy bypass with iframes through page reloads * MFSA 2017-19/CVE-2017-7786: Buffer overflow while painting non-displayable SVG * MFSA 2017-19/CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM

References

#1031485 #1052829

Cross- CVE-2017-7753 CVE-2017-7779 CVE-2017-7782

CVE-2017-7784 CVE-2017-7785 CVE-2017-7786

CVE-2017-7787 CVE-2017-7791 CVE-2017-7792

CVE-2017-7798 CVE-2017-7800 CVE-2017-7801

CVE-2017-7802 CVE-2017-7803 CVE-2017-7804

CVE-2017-7807

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-SP3-LTSS

SUSE Linux Enterprise Point of Sale 11-SP3

SUSE Linux Enterprise Debuginfo 11-SP4

SUSE Linux Enterprise Debuginfo 11-SP3

https://www.suse.com/security/cve/CVE-2017-7753.html

https://www.suse.com/security/cve/CVE-2017-7779.html

https://www.suse.com/security/cve/CVE-2017-7782.html

https://www.suse.com/security/cve/CVE-2017-7784.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2017:2302-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.