97940

1038320

RHSA-2017:1106

https://bugzilla.mozilla.org/show_bug.cgi?id=1341191

https://www.mozilla.org/security/advisories/mfsa2017-10/

https://www.mozilla.org/security/advisories/mfsa2017-12/

This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed :

  - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16)

  - CVE-2017-7758: Out-of-bounds read in Opus encoder

  - CVE-2017-7749: Use-after-free during docshell reloading

  - CVE-2017-7751: Use-after-free with content viewer     listeners

  - CVE-2017-5472: Use-after-free using destroyed node when     regenerating trees

  - CVE-2017-5470: Memory safety bugs fixed in Firefox 54     and Firefox ESR 52.2

  - CVE-2017-7752: Use-after-free with IME input

  - CVE-2017-7750: Use-after-free with track elements

  - CVE-2017-7768: 32 byte arbitrary file read through     Mozilla Maintenance Service

  - CVE-2017-7778: Vulnerabilities in the Graphite 2 library

  - CVE-2017-7754: Out-of-bounds read in WebGL with     ImageInfo object

  - CVE-2017-7755: Privilege escalation through Firefox     Installer with same directory DLL files

  - CVE-2017-7756: Use-after-free and use-after-scope     logging XHR header errors

  - CVE-2017-7757: Use-after-free in IndexedDB

  - CVE-2017-7761: File deletion and privilege escalation     through Mozilla Maintenance Service helper.exe     application

  - CVE-2017-7763: Mac fonts render some unicode characters     as spaces

  - CVE-2017-7765: Mark of the Web bypass when saving     executable files

  - CVE-2017-7764: Domain spoofing with combination of     Canadian Syllabics and other unicode blocks

  - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12)

  - CVE-2016-10196: Vulnerabilities in Libevent library

  - CVE-2017-5443: Out-of-bounds write during BinHex     decoding

  - CVE-2017-5429: Memory safety bugs fixed in Firefox 53,     Firefox ESR 45.9, and Firefox ESR 52.1

  - CVE-2017-5464: Memory corruption with accessibility and     DOM manipulation

  - CVE-2017-5465: Out-of-bounds read in ConvolvePixel

  - CVE-2017-5466: Origin confusion when reloading isolated     data:text/html URL

  - CVE-2017-5467: Memory corruption when drawing Skia     content

  - CVE-2017-5460: Use-after-free in frame selection

  - CVE-2017-5461: Out-of-bounds write in Base64 encoding in     NSS

  - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor

  - CVE-2017-5449: Crash during bidirectional unicode     manipulation with animation

  - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA     frames are sent with incorrect data

  - CVE-2017-5447: Out-of-bounds read during glyph     processing

  - CVE-2017-5444: Buffer overflow while parsing     application/http-index-format content

  - CVE-2017-5445: Uninitialized values used while parsing     application/http- index-format content

  - CVE-2017-5442: Use-after-free during style changes

  - CVE-2017-5469: Potential Buffer overflow in     flex-generated code

  - CVE-2017-5440: Use-after-free in txExecutionState     destructor during XSLT processing

  - CVE-2017-5441: Use-after-free with selection during     scroll events

  - CVE-2017-5439: Use-after-free in nsTArray Length()     during XSLT processing

  - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT     processing

  - CVE-2017-5436: Out-of-bounds write with malicious font     in Graphite 2

  - CVE-2017-5435: Use-after-free during transaction     processing in the editor

  - CVE-2017-5434: Use-after-free during focus handling

  - CVE-2017-5433: Use-after-free in SMIL animation     functions

  - CVE-2017-5432: Use-after-free in text input selection

  - CVE-2017-5430: Memory safety bugs fixed in Firefox 53     and Firefox ESR 52.1

  - CVE-2017-5459: Buffer overflow in WebGL

  - CVE-2017-5462: DRBG flaw in NSS

  - CVE-2017-5455: Sandbox escape through internal feed     reader APIs

  - CVE-2017-5454: Sandbox escape allowing file system read     access through file picker

  - CVE-2017-5456: Sandbox escape allowing local file system     access

  - CVE-2017-5451: Addressbar spoofing with onblur event

  - General

  - CVE-2015-5276: Fix for C++11 std::random_device short     reads (bsc#945842) Bugfixes :

  - workaround for Firefox hangs (bsc#1031485, bsc#1025108)

  - Update to gcc-5-branch head.

  - Includes fixes for (bsc#966220), (bsc#962765),     (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392)     and (bsc#955382).

  - Add fix to revert accidential libffi ABI breakage on     AARCH64. (bsc#968771)

  - Build s390[x] with --with-tune=z9-109 --with-arch=z900     on SLE11 again. (bsc#954002)

  - Fix libffi include install. (bsc#935510)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas GrA(c)goire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.

Note that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The Mozilla Firefox was updated to the new ESR 52.2 release, which fixes the following issues (bsc#1043960) :

  - MFSA 2017-16/CVE-2017-7758 Out-of-bounds read in Opus     encoder

  - MFSA 2017-16/CVE-2017-7749 Use-after-free during     docshell reloading

  - MFSA 2017-16/CVE-2017-7751 Use-after-free with content     viewer listeners

  - MFSA 2017-16/CVE-2017-5472 Use-after-free using     destroyed node when regenerating trees

  - MFSA 2017-16/CVE-2017-5470 Memory safety bugs fixed in     Firefox 54 and Firefox ESR 52.2

  - MFSA 2017-16/CVE-2017-7752 Use-after-free with IME input

  - MFSA 2017-16/CVE-2017-7750 Use-after-free with track     elements

  - MFSA 2017-16/CVE-2017-7768 32 byte arbitrary file read     through Mozilla Maintenance Service

  - MFSA 2017-16/CVE-2017-7778 Vulnerabilities in the     Graphite 2 library

  - MFSA 2017-16/CVE-2017-7754 Out-of-bounds read in WebGL     with ImageInfo object

  - MFSA 2017-16/CVE-2017-7755 Privilege escalation through     Firefox Installer with same directory DLL files

  - MFSA 2017-16/CVE-2017-7756 Use-after-free and     use-after-scope logging XHR header errors

  - MFSA 2017-16/CVE-2017-7757 Use-after-free in IndexedDB

  - MFSA 2017-16/CVE-2017-7761 File deletion and privilege     escalation through Mozilla Maintenance Service     helper.exe application

  - MFSA 2017-16/CVE-2017-7763 Mac fonts render some unicode     characters as spaces

  - MFSA 2017-16/CVE-2017-7765 Mark of the Web bypass when     saving executable files

  - MFSA 2017-16/CVE-2017-7764 (bmo#1364283,     bmo#http://www.unicode.org/reports/tr31/tr31-26     .html#Aspirational_Use_Scripts) Domain spoofing with     combination of Canadian Syllabics and other unicode     blocks

  - update to Firefox ESR 52.1 (bsc#1035082)

  - MFSA 2017-12/CVE-2016-10196 Vulnerabilities in Libevent     library

  - MFSA 2017-12/CVE-2017-5443 Out-of-bounds write during     BinHex decoding

  - MFSA 2017-12/CVE-2017-5429 Memory safety bugs fixed in     Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

  - MFSA 2017-12/CVE-2017-5464 Memory corruption with     accessibility and DOM manipulation

  - MFSA 2017-12/CVE-2017-5465 Out-of-bounds read in     ConvolvePixel

  - MFSA 2017-12/CVE-2017-5466 Origin confusion when     reloading isolated data:text/html URL

  - MFSA 2017-12/CVE-2017-5467 Memory corruption when     drawing Skia content

  - MFSA 2017-12/CVE-2017-5460 Use-after-free in frame     selection

  - MFSA 2017-12/CVE-2017-5461 Out-of-bounds write in Base64     encoding in NSS

  - MFSA 2017-12/CVE-2017-5448 Out-of-bounds write in     ClearKeyDecryptor

  - MFSA 2017-12/CVE-2017-5449 Crash during bidirectional     unicode manipulation with animation

  - MFSA 2017-12/CVE-2017-5446 Out-of-bounds read when     HTTP/2 DATA frames are sent with incorrect data

  - MFSA 2017-12/CVE-2017-5447 Out-of-bounds read during     glyph processing

  - MFSA 2017-12/CVE-2017-5444 Buffer overflow while parsing     application/http-index-format content

  - MFSA 2017-12/CVE-2017-5445 Uninitialized values used     while parsing application/http- index-format content

  - MFSA 2017-12/CVE-2017-5442 Use-after-free during style     changes

  - MFSA 2017-12/CVE-2017-5469 Potential Buffer overflow in     flex-generated code

  - MFSA 2017-12/CVE-2017-5440 Use-after-free in     txExecutionState destructor during XSLT processing

  - MFSA 2017-12/CVE-2017-5441 Use-after-free with selection     during scroll events

  - MFSA 2017-12/CVE-2017-5439 Use-after-free in nsTArray     Length() during XSLT processing

  - MFSA 2017-12/CVE-2017-5438 Use-after-free in nsAutoPtr     during XSLT processing

  - MFSA 2017-12/CVE-2017-5436 Out-of-bounds write with     malicious font in Graphite 2

  - MFSA 2017-12/CVE-2017-5435 Use-after-free during     transaction processing in the editor

  - MFSA 2017-12/CVE-2017-5434 Use-after-free during focus     handling

  - MFSA 2017-12/CVE-2017-5433 Use-after-free in SMIL     animation functions

  - MFSA 2017-12/CVE-2017-5432 Use-after-free in text input     selection

  - MFSA 2017-12/CVE-2017-5430 Memory safety bugs fixed in     Firefox 53 and Firefox ESR 52.1

  - MFSA 2017-12/CVE-2017-5459 Buffer overflow in WebGL

  - MFSA 2017-12/CVE-2017-5462 DRBG flaw in NSS

  - MFSA 2017-12/CVE-2017-5455 Sandbox escape through     internal feed reader APIs

  - MFSA 2017-12/CVE-2017-5454 Sandbox escape allowing file     system read access through file picker

  - MFSA 2017-12/CVE-2017-5456 Sandbox escape allowing local     file system access

  - MFSA 2017-12/CVE-2017-5451 Addressbar spoofing with     onblur event

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Multiple flaws were found in the processing of     malformed web content. A web page containing malicious     content could cause Firefox to crash or, potentially,     execute arbitrary code with the privileges of the user     running Firefox. (CVE-2017-5429, CVE-2017-5430,     CVE-2017-5432, CVE-2017-5433, CVE-2017-5434,     CVE-2017-5435, CVE-2017-5436, CVE-2017-5437,     CVE-2017-5438, CVE-2017-5439, CVE-2017-5440,     CVE-2017-5441, CVE-2017-5442, CVE-2017-5443,     CVE-2017-5444, CVE-2017-5445, CVE-2017-5446,     CVE-2017-5447, CVE-2017-5448, CVE-2017-5449,     CVE-2017-5451, CVE-2017-5454, CVE-2017-5455,     CVE-2017-5456, CVE-2017-5459, CVE-2017-5460,     CVE-2017-5464, CVE-2017-5465, CVE-2017-5466,     CVE-2017-5467,     CVE-2017-5469,CVE-2016-10195,CVE-2016-10196,CVE-2016-10     197)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem.

We apologize for the inconvenience.

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469)

A flaw was discovered in the DRBG number generation in NSS.
If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Mozilla Firefox installed on the remote Windows host is prior to 53. It is, therefore, affected by the following vulnerabilities :

  - Multiple buffer overflow conditions exist in the FLEX     generated code due to improper validation of certain     input. An unauthenticated, remote attacker can exploit     these to execute arbitrary code. (CVE-2016-6354,     CVE-2017-5469)

  - Multiple flaws exist in the Libevent library, within     files evdns.c and evutil.c, due to improper validation     of input when handling IP address strings, empty base     name strings, and DNS packets. An unauthenticated,     remote attacker can exploit these to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197,     CVE-2017-5437)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-5429, CVE-2017-5430)

  - A use-after-free error exists in input text selection     that allows an unauthenticated, remote attacker to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5432)

  - A use-after-free error exists in the SMIL animation     functions when handling animation elements. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5433)

  - A use-after-free error exists when redirecting focus     handling that allows an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-5434)

  - A use-after-free error exists in design mode     interactions when handling transaction processing in     the editor. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5435)

  - An out-of-bounds write error exists in the Graphite 2     library when handling specially crafted Graphite fonts.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5436)

  - A use-after-free error exists in the nsAutoPtr()     function during XSLT processing due to the result     handler being held by a freed handler. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5438)

  - A use-after-free error exists in the Length() function     in nsTArray when handling template parameters during     XSLT processing. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5439)

  - A use-after-free error exists in the txExecutionState     destructor when processing XSLT content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5440)

  - A use-after-free error exists when holding a selection     during scroll events. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2017-5441)

  - A use-after-free error exists when changing styles in     DOM elements that allows an unauthenticated, remote     attacker to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-5442)

  - An out-of-bounds write error exists while decoding     improperly formed BinHex format archives that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5443)

  - A buffer overflow condition exists while parsing     application/http-index-format format content due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via     improperly formatted data, to disclose out-of-bounds     memory content. (CVE-2017-5444)

  - A flaw exists in nsDirIndexParser.cpp when parsing     application/http-index-format format content in which     uninitialized values are used to create an array. An     unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2017-5445)

  - An out-of-bounds read error exists when handling HTTP/2     DATA connections to a server that sends DATA frames with     incorrect content. An unauthenticated, remote attacker     can exploit to cause a denial of service condition or     the disclosure of memory contents. (CVE-2017-5446)

  - An out-of-bounds read error exists when processing glyph     widths during text layout. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the disclosure of memory contents.
    (CVE-2017-5447)

  - An out-of-bounds write error exists in the     ClearKeyDecryptor::Decrypt() function within file     ClearKeyDecryptionManager.cpp when decrypting     Clearkey-encrypted media content. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    This vulnerability can only be exploited if a secondary     mechanism can be used to escape the Gecko Media Plugin     (GMP) sandbox. (CVE-2017-5448)

  - A flaw exists when handling bidirectional Unicode text     in conjunction with CSS animations that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution or arbitrary code.
    (CVE-2017-5449)

  - A flaw exists in the handling of specially crafted     'onblur' events. An unauthenticated, remote attacker can     exploit this, via a specially crafted event, to spoof     the address bar, making the loaded site appear to be     different from the one actually loaded. (CVE-2017-5451)

  - A flaw exists in the RSS reader preview page due to     improper sanitization of URL parameters for a feed's     TITLE element. An unauthenticated, remote attacker can     exploit this to spoof the TITLE element. However, no     scripted content can be run. (CVE-2017-5453)

  - A flaw exists in the FileSystemSecurity::Forget()     function within file FileSystemSecurity.cpp when using     the File Picker due to improper sanitization of input     containing path traversal sequences. An unauthenticated,     remote attacker can exploit this to bypass file system     access protections in the sandbox and read arbitrary     files on the local file system. (CVE-2017-5454)

  - An unspecified flaw exists in the internal feed reader     APIs when handling messages. An unauthenticated, remote     attacker can exploit this to escape the sandbox and     gain elevated privileges if it can be combined with     another vulnerability that allows remote code execution     inside the sandboxed process. (CVE-2017-5455)

  - A flaw exists in the Entries API when using a file     system request constructor through an IPC message. An     unauthenticated, remote attacker can exploit this to     bypass file system access protections in the sandbox     and gain read and write access to the local file system.
    (CVE-2017-5456)

  - A reflected cross-site scripting (XSS) vulnerability     exists when dragging and dropping a 'javascript:' URL     into the address bar due to improper validation of     input. An unauthenticated, remote attacker can exploit     this to execute arbitrary script code in a user's     browser session. (CVE-2017-5458)

  - A buffer overflow condition exists in WebGL when     handling web content due to improper validation of     certain input. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5459)

  - A use-after-free error exists in frame selection when     handling a specially crafted combination of script     content and key presses by the user. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5460)

  - An out-of-bounds write error exists in the Network     Security Services (NSS) library during Base64 decoding     operations due to insufficient memory being allocated to     a buffer. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5461)

  - A flaw exists in the Network Security Services (NSS)     library during DRBG number generation due to the     internal state V not correctly carrying bits over. An     unauthenticated, remote attacker can exploit this to     potentially cause predictable random number generation.
    (CVE-2017-5462)

  - A flaw exists when making changes to DOM content in the     accessibility tree due to improper validation of certain     input, which can lead to the DOM tree becoming out of     sync with the accessibility tree. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2017-5464)

  - An out-of-bounds read error exists in ConvolvePixel when     processing SVG content, which allows for otherwise     inaccessible memory being copied into SVG graphic     content. An unauthenticated, remote attacker can exploit     this to disclose memory contents or cause a denial of     service condition. (CVE-2017-5465)

  - A cross-site script (XSS) vulnerability exists due to     improper handling of data:text/html URL redirects when     a reload is triggered, which causes the reloaded     data:text/html page to have its origin set incorrectly.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted request, to execute arbitrary     script code in a user's browser session. (CVE-2017-5466)

  - A memory corruption issue exists when rendering Skia     content outside of the bounds of a clipping region due     to improper validation of certain input. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5467)

  - A flaw exists in the developer tools due to an incorrect     ownership model of privateBrowsing information. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2017-5468)

The version of Mozilla Firefox ESR installed on the remote Windows host is 52.x prior to 52.1. It is, therefore, affected by the following vulnerabilities :

  - Multiple buffer overflow conditions exist in the FLEX     generated code due to improper validation of certain     input. An unauthenticated, remote attacker can exploit     these to execute arbitrary code. (CVE-2016-6354,     CVE-2017-5469)

  - Multiple flaws exist in the Libevent library, within     files evdns.c and evutil.c, due to improper validation     of input when handling IP address strings, empty base     name strings, and DNS packets. An unauthenticated,     remote attacker can exploit these to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197,     CVE-2017-5437)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-5429, CVE-2017-5430)

  - A use-after-free error exists in input text selection     that allows an unauthenticated, remote attacker to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5432)

  - A use-after-free error exists in the SMIL animation     functions when handling animation elements. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5433)

  - A use-after-free error exists when redirecting focus     handling that allows an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-5434)

  - A use-after-free error exists in design mode     interactions when handling transaction processing in     the editor. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5435)

  - An out-of-bounds write error exists in the Graphite 2     library when handling specially crafted Graphite fonts.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5436)

  - A use-after-free error exists in the nsAutoPtr()     function during XSLT processing due to the result     handler being held by a freed handler. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5438)

  - A use-after-free error exists in the Length() function     in nsTArray when handling template parameters during     XSLT processing. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5439)

  - A use-after-free error exists in the txExecutionState     destructor when processing XSLT content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5440)

  - A use-after-free error exists when holding a selection     during scroll events. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2017-5441)

  - A use-after-free error exists when changing styles in     DOM elements that allows an unauthenticated, remote     attacker to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-5442)

  - An out-of-bounds write error exists while decoding     improperly formed BinHex format archives that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5443)

  - A buffer overflow condition exists while parsing     application/http-index-format format content due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via     improperly formatted data, to disclose out-of-bounds     memory content. (CVE-2017-5444)

  - A flaw exists in nsDirIndexParser.cpp when parsing     application/http-index-format format content in which     uninitialized values are used to create an array. An     unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2017-5445)

  - An out-of-bounds read error exists when handling HTTP/2     DATA connections to a server that sends DATA frames with     incorrect content. An unauthenticated, remote attacker     can exploit to cause a denial of service condition or     the disclosure of memory contents. (CVE-2017-5446)

  - An out-of-bounds read error exists when processing glyph     widths during text layout. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the disclosure of memory contents.
    (CVE-2017-5447)

  - An out-of-bounds write error exists in the     ClearKeyDecryptor::Decrypt() function within file     ClearKeyDecryptionManager.cpp when decrypting     Clearkey-encrypted media content. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    This vulnerability can only be exploited if a secondary     mechanism can be used to escape the Gecko Media Plugin     (GMP) sandbox. (CVE-2017-5448)

  - A flaw exists when handling bidirectional Unicode text     in conjunction with CSS animations that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution or arbitrary code.
    (CVE-2017-5449)

  - A flaw exists in the handling of specially crafted     'onblur' events. An unauthenticated, remote attacker can     exploit this, via a specially crafted event, to spoof     the address bar, making the loaded site appear to be     different from the one actually loaded. (CVE-2017-5451)

  - A flaw exists in the FileSystemSecurity::Forget()     function within file FileSystemSecurity.cpp when using     the File Picker due to improper sanitization of input     containing path traversal sequences. An unauthenticated,     remote attacker can exploit this to bypass file system     access protections in the sandbox and read arbitrary     files on the local file system. (CVE-2017-5454)

  - An unspecified flaw exists in the internal feed reader     APIs when handling messages. An unauthenticated, remote     attacker can exploit this to escape the sandbox and     gain elevated privileges if it can be combined with     another vulnerability that allows remote code execution     inside the sandboxed process. (CVE-2017-5455)

  - A flaw exists in the Entries API when using a file     system request constructor through an IPC message. An     unauthenticated, remote attacker can exploit this to     bypass file system access protections in the sandbox     and gain read and write access to the local file system.
    (CVE-2017-5456)

  - A buffer overflow condition exists in WebGL when     handling web content due to improper validation of     certain input. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5459)

  - A use-after-free error exists in frame selection when     handling a specially crafted combination of script     content and key presses by the user. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5460)

  - An out-of-bounds write error exists in the Network     Security Services (NSS) library during Base64 decoding     operations due to insufficient memory being allocated to     a buffer. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5461)

  - A flaw exists in the Network Security Services (NSS)     library during DRBG number generation due to the     internal state V not correctly carrying bits over. An     unauthenticated, remote attacker can exploit this to     potentially cause predictable random number generation.
    (CVE-2017-5462)

  - A flaw exists when making changes to DOM content in the     accessibility tree due to improper validation of certain     input, which can lead to the DOM tree becoming out of     sync with the accessibility tree. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2017-5464)

  - An out-of-bounds read error exists in ConvolvePixel when     processing SVG content, which allows for otherwise     inaccessible memory being copied into SVG graphic     content. An unauthenticated, remote attacker can exploit     this to disclose memory contents or cause a denial of     service condition. (CVE-2017-5465)

  - A cross-site script (XSS) vulnerability exists due to     improper handling of data:text/html URL redirects when     a reload is triggered, which causes the reloaded     data:text/html page to have its origin set incorrectly.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted request, to execute arbitrary     script code in a user's browser session. (CVE-2017-5466)

  - A memory corruption issue exists when rendering Skia     content outside of the bounds of a clipping region due     to improper validation of certain input. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5467)

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 53. It is, therefore, affected by the following vulnerabilities :

  - Multiple buffer overflow conditions exist in the FLEX     generated code due to improper validation of certain     input. An unauthenticated, remote attacker can exploit     these to execute arbitrary code. (CVE-2016-6354,     CVE-2017-5469)

  - Multiple flaws exist in the Libevent library, within     files evdns.c and evutil.c, due to improper validation     of input when handling IP address strings, empty base     name strings, and DNS packets. An unauthenticated,     remote attacker can exploit these to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197,     CVE-2017-5437)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-5429, CVE-2017-5430)

  - A use-after-free error exists in input text selection     that allows an unauthenticated, remote attacker to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5432)

  - A use-after-free error exists in the SMIL animation     functions when handling animation elements. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5433)

  - A use-after-free error exists when redirecting focus     handling that allows an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-5434)

  - A use-after-free error exists in design mode     interactions when handling transaction processing in     the editor. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5435)

  - An out-of-bounds write error exists in the Graphite 2     library when handling specially crafted Graphite fonts.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5436)

  - A use-after-free error exists in the nsAutoPtr()     function during XSLT processing due to the result     handler being held by a freed handler. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5438)

  - A use-after-free error exists in the Length() function     in nsTArray when handling template parameters during     XSLT processing. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5439)

  - A use-after-free error exists in the txExecutionState     destructor when processing XSLT content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5440)

  - A use-after-free error exists when holding a selection     during scroll events. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2017-5441)

  - A use-after-free error exists when changing styles in     DOM elements that allows an unauthenticated, remote     attacker to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-5442)

  - An out-of-bounds write error exists while decoding     improperly formed BinHex format archives that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5443)

  - A buffer overflow condition exists while parsing     application/http-index-format format content due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via     improperly formatted data, to disclose out-of-bounds     memory content. (CVE-2017-5444)

  - A flaw exists in nsDirIndexParser.cpp when parsing     application/http-index-format format content in which     uninitialized values are used to create an array. An     unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2017-5445)

  - An out-of-bounds read error exists when handling HTTP/2     DATA connections to a server that sends DATA frames with     incorrect content. An unauthenticated, remote attacker     can exploit to cause a denial of service condition or     the disclosure of memory contents. (CVE-2017-5446)

  - An out-of-bounds read error exists when processing glyph     widths during text layout. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the disclosure of memory contents.
    (CVE-2017-5447)

  - An out-of-bounds write error exists in the     ClearKeyDecryptor::Decrypt() function within file     ClearKeyDecryptionManager.cpp when decrypting     Clearkey-encrypted media content. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    This vulnerability can only be exploited if a secondary     mechanism can be used to escape the Gecko Media Plugin     (GMP) sandbox. (CVE-2017-5448)

  - A flaw exists when handling bidirectional Unicode text     in conjunction with CSS animations that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution or arbitrary code.
    (CVE-2017-5449)

  - A flaw exists in the handling of specially crafted     'onblur' events. An unauthenticated, remote attacker can     exploit this, via a specially crafted event, to spoof     the address bar, making the loaded site appear to be     different from the one actually loaded. (CVE-2017-5451)

  - A flaw exists in the RSS reader preview page due to     improper sanitization of URL parameters for a feed's     TITLE element. An unauthenticated, remote attacker can     exploit this to spoof the TITLE element. However, no     scripted content can be run. (CVE-2017-5453)

  - A flaw exists in the FileSystemSecurity::Forget()     function within file FileSystemSecurity.cpp when using     the File Picker due to improper sanitization of input     containing path traversal sequences. An unauthenticated,     remote attacker can exploit this to bypass file system     access protections in the sandbox and read arbitrary     files on the local file system. (CVE-2017-5454)

  - An unspecified flaw exists in the internal feed reader     APIs when handling messages. An unauthenticated, remote     attacker can exploit this to escape the sandbox and     gain elevated privileges if it can be combined with     another vulnerability that allows remote code execution     inside the sandboxed process. (CVE-2017-5455)

  - A flaw exists in the Entries API when using a file     system request constructor through an IPC message. An     unauthenticated, remote attacker can exploit this to     bypass file system access protections in the sandbox     and gain read and write access to the local file system.
    (CVE-2017-5456)

  - A reflected cross-site scripting (XSS) vulnerability     exists when dragging and dropping a 'javascript:' URL     into the address bar due to improper validation of     input. An unauthenticated, remote attacker can exploit     this to execute arbitrary script code in a user's     browser session. (CVE-2017-5458)

  - A buffer overflow condition exists in WebGL when     handling web content due to improper validation of     certain input. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5459)

  - A use-after-free error exists in frame selection when     handling a specially crafted combination of script     content and key presses by the user. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5460)

  - An out-of-bounds write error exists in the Network     Security Services (NSS) library during Base64 decoding     operations due to insufficient memory being allocated to     a buffer. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5461)

  - A flaw exists in the Network Security Services (NSS)     library during DRBG number generation due to the     internal state V not correctly carrying bits over. An     unauthenticated, remote attacker can exploit this to     potentially cause predictable random number generation.
    (CVE-2017-5462)

  - A flaw exists when making changes to DOM content in the     accessibility tree due to improper validation of certain     input, which can lead to the DOM tree becoming out of     sync with the accessibility tree. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2017-5464)

  - An out-of-bounds read error exists in ConvolvePixel when     processing SVG content, which allows for otherwise     inaccessible memory being copied into SVG graphic     content. An unauthenticated, remote attacker can exploit     this to disclose memory contents or cause a denial of     service condition. (CVE-2017-5465)

  - A cross-site script (XSS) vulnerability exists due to     improper handling of data:text/html URL redirects when     a reload is triggered, which causes the reloaded     data:text/html page to have its origin set incorrectly.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted request, to execute arbitrary     script code in a user's browser session. (CVE-2017-5466)

  - A memory corruption issue exists when rendering Skia     content outside of the bounds of a clipping region due     to improper validation of certain input. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5467)

  - A flaw exists in the developer tools due to an incorrect     ownership model of privateBrowsing information. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2017-5468)

The version of Mozilla Firefox ESR installed on the remote macOS or Mac OS X host is prior to 52.1. It is, therefore, affected by the following vulnerabilities :

  - Multiple buffer overflow conditions exist in the FLEX     generated code due to improper validation of certain     input. An unauthenticated, remote attacker can exploit     these to execute arbitrary code. (CVE-2016-6354,     CVE-2017-5469)

  - Multiple flaws exist in the Libevent library, within     files evdns.c and evutil.c, due to improper validation     of input when handling IP address strings, empty base     name strings, and DNS packets. An unauthenticated,     remote attacker can exploit these to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197,     CVE-2017-5437)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-5429, CVE-2017-5430)

  - A use-after-free error exists in input text selection     that allows an unauthenticated, remote attacker to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5432)

  - A use-after-free error exists in the SMIL animation     functions when handling animation elements. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5433)

  - A use-after-free error exists when redirecting focus     handling that allows an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-5434)

  - A use-after-free error exists in design mode     interactions when handling transaction processing in     the editor. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5435)

  - An out-of-bounds write error exists in the Graphite 2     library when handling specially crafted Graphite fonts.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5436)

  - A use-after-free error exists in the nsAutoPtr()     function during XSLT processing due to the result     handler being held by a freed handler. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5438)

  - A use-after-free error exists in the Length() function     in nsTArray when handling template parameters during     XSLT processing. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5439)

  - A use-after-free error exists in the txExecutionState     destructor when processing XSLT content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5440)

  - A use-after-free error exists when holding a selection     during scroll events. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2017-5441)

  - A use-after-free error exists when changing styles in     DOM elements that allows an unauthenticated, remote     attacker to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-5442)

  - An out-of-bounds write error exists while decoding     improperly formed BinHex format archives that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5443)

  - A buffer overflow condition exists while parsing     application/http-index-format format content due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via     improperly formatted data, to disclose out-of-bounds     memory content. (CVE-2017-5444)

  - A flaw exists in nsDirIndexParser.cpp when parsing     application/http-index-format format content in which     uninitialized values are used to create an array. An     unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2017-5445)

  - An out-of-bounds read error exists when handling HTTP/2     DATA connections to a server that sends DATA frames with     incorrect content. An unauthenticated, remote attacker     can exploit to cause a denial of service condition or     the disclosure of memory contents. (CVE-2017-5446)

  - An out-of-bounds read error exists when processing glyph     widths during text layout. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the disclosure of memory contents.
    (CVE-2017-5447)

  - An out-of-bounds write error exists in the     ClearKeyDecryptor::Decrypt() function within file     ClearKeyDecryptionManager.cpp when decrypting     Clearkey-encrypted media content. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    This vulnerability can only be exploited if a secondary     mechanism can be used to escape the Gecko Media Plugin     (GMP) sandbox. (CVE-2017-5448)

  - A flaw exists when handling bidirectional Unicode text     in conjunction with CSS animations that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution or arbitrary code.
    (CVE-2017-5449)

  - A flaw exists in the handling of specially crafted     'onblur' events. An unauthenticated, remote attacker can     exploit this, via a specially crafted event, to spoof     the address bar, making the loaded site appear to be     different from the one actually loaded. (CVE-2017-5451)

  - A flaw exists in the FileSystemSecurity::Forget()     function within file FileSystemSecurity.cpp when using     the File Picker due to improper sanitization of input     containing path traversal sequences. An unauthenticated,     remote attacker can exploit this to bypass file system     access protections in the sandbox and read arbitrary     files on the local file system. (CVE-2017-5454)

  - An unspecified flaw exists in the internal feed reader     APIs when handling messages. An unauthenticated, remote     attacker can exploit this to escape the sandbox and     gain elevated privileges if it can be combined with     another vulnerability that allows remote code execution     inside the sandboxed process. (CVE-2017-5455)

  - A flaw exists in the Entries API when using a file     system request constructor through an IPC message. An     unauthenticated, remote attacker can exploit this to     bypass file system access protections in the sandbox     and gain read and write access to the local file system.
    (CVE-2017-5456)

  - A buffer overflow condition exists in WebGL when     handling web content due to improper validation of     certain input. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5459)

  - A use-after-free error exists in frame selection when     handling a specially crafted combination of script     content and key presses by the user. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5460)

  - An out-of-bounds write error exists in the Network     Security Services (NSS) library during Base64 decoding     operations due to insufficient memory being allocated to     a buffer. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5461)

  - A flaw exists in the Network Security Services (NSS)     library during DRBG number generation due to the     internal state V not correctly carrying bits over. An     unauthenticated, remote attacker can exploit this to     potentially cause predictable random number generation.
    (CVE-2017-5462)

  - A flaw exists when making changes to DOM content in the     accessibility tree due to improper validation of certain     input, which can lead to the DOM tree becoming out of     sync with the accessibility tree. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2017-5464)

  - An out-of-bounds read error exists in ConvolvePixel when     processing SVG content, which allows for otherwise     inaccessible memory being copied into SVG graphic     content. An unauthenticated, remote attacker can exploit     this to disclose memory contents or cause a denial of     service condition. (CVE-2017-5465)

  - A cross-site script (XSS) vulnerability exists due to     improper handling of data:text/html URL redirects when     a reload is triggered, which causes the reloaded     data:text/html page to have its origin set incorrectly.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted request, to execute arbitrary     script code in a user's browser session. (CVE-2017-5466)

  - A memory corruption issue exists when rendering Skia     content outside of the bounds of a clipping region due     to improper validation of certain input. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5467)

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469)

A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information.
(CVE-2017-5462).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es) :

  - Multiple flaws were found in the processing of malformed     web content. A web page containing malicious content     could cause Firefox to crash or, potentially, execute     arbitrary code with the privileges of the user running     Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432,     CVE-2017-5433, CVE-2017-5434, CVE-2017-5435,     CVE-2017-5436, CVE-2017-5437, CVE-2017-5438,     CVE-2017-5439, CVE-2017-5440, CVE-2017-5441,     CVE-2017-5442, CVE-2017-5443, CVE-2017-5444,     CVE-2017-5445, CVE-2017-5446, CVE-2017-5447,     CVE-2017-5448, CVE-2017-5449, CVE-2017-5451,     CVE-2017-5454, CVE-2017-5455, CVE-2017-5456,     CVE-2017-5459, CVE-2017-5460, CVE-2017-5464,     CVE-2017-5465, CVE-2017-5466, CVE-2017-5467,     CVE-2017-5469)

Versions of Mozilla Firefox prior to 53 are unpatched for the following vulnerabilities :

 - A use-after-free error exists that is related to certain text input selections. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5432)
 - A use-after-free error exists in the SMIL animation functions. The issue is triggered when handling animation elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5433)
 - A use-after-free error exists that is triggered when redirecting focus handling. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5434)
 - A use-after-free error exists that is triggered when processing transactions in the editor during design mode interactions. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5435)
 - A use-after-free error exists in the 'nsAutoPtr()' function that is triggered during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5438)
 - A use-after-free error exists in the 'Length()' function in 'nsTArray' that is triggered when handling template parameters during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5439)
 - A use-after-free error exists in the 'txExecutionState' destructor that is triggered during the processing of XSLT content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5440)
 - A use-after-free error exists that is triggered when holding a selection during scroll events. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5441)
 - A use-after-free error exists that is triggered when changing styles in DOM elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5442)
 - An out-of-bounds write flaw exists that is triggered during the decoding of improperly formed BinHex format archives. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5443)
 - An overflow condition exists that is triggered as certain input is not properly validated when parsing 'application/http-index-format' content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5444)
 - A flaw exists in 'nsDirIndexParser.cpp' related to the use of uninitialized data. The issue is triggered when parsing 'application/http-index-format' content. This may allow a context-dependent attacker to disclose memory contents. (CVE-2017-5445)
 - An out-of-bounds read flaw exists that is triggered when handling HTTP/2 DATA connections that send DATA frames with incorrect data content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5446)
 - An out-of-bounds read flaw exists that is triggered when processing glyph widths during text layouts. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5447)
 - An out-of-bounds write flaw exists in the 'ClearKeyDecryptor::Decrypt()' function in 'ClearKeyDecryptionManager.cpp' that is triggered when decrypting Clearkey-encrypted media content. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5448)
 - A flaw exists that is triggered during the handling of bidirectional unicode text with CSS animations. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5449)
 - A flaw exists that is triggered during the parsing of base domains that contain 'javascript: URI'. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5450)
 - A flaw exists that is triggered during the handling of a specially crafted 'onblur' event. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5451)
 - A flaw exists that is triggered when selecting an HTML editable page element while the existing location bar has been scrolled out of view. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5452)
 - A flaw exists in the RSS reader preview page that is triggered as input supplied via URL parameters is not properly sanitized. This may allow a context-dependent attacker to spoof the 'TITLE' element. (CVE-2017-5453)
 - A flaw exists in the 'FileSystemSecurity::Forget()' function in 'FileSystemSecurity.cpp'. The issue is triggered as input containing path traversal style sequences (e.g. '../') is not properly sanitized when using the File Picker. This may allow a context-dependent attacker to bypass file system access protections and read arbitrary files from the local file system. (CVE-2017-5454)
 - An unspecified flaw exists in the internal feed reader APIs that is triggered when handling messages. This may allow a context-dependent attacker to bypass the sandbox. (CVE-2017-5455)
 - A flaw exists in the Entries API that is triggered when using a file system request constructor through an IPC message. This may allow a context-dependent attacker to bypass the file system access protections and gain read and write access to the local file system. (CVE-2017-5456)
 - A flaw exists that allows a reflected XSS attack. This flaw exists because the program does not validate input when dragging and dropping a 'javascript: URL' into the address bar. This may allow a context-dependent attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-5458)
 - An overflow condition exists in WebGL. The issue is triggered as certain input is not properly validated when handling web content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5459)
 - A use-after-free error exists in frame selection that is triggered when handling a combination of malicious script content and key presses. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5460)
 - An overflow condition exists in Base64 decoding. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2017-5461)
 - A flaw exists in the DRBG number generation that is triggered as internal state V does not correctly carry bits over. This may result in potentially predictable random number generation. (CVE-2017-5462)
 - A flaw exists that is triggered during the handling of a specially crafted URL with android intents. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5463)
 - A flaw exists that is triggered as certain input is not properly validated when making changes to DOM content in the accessibility tree. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5464)
 - An out-of-bounds read flaw exists in 'ConvolvePixel' that is triggered when processing specially crafted SVG content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5465)
 - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when handling 'data:text/html' URL redirects before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-5466)
 - A flaw exists that is triggered as certain input is not properly validated when rendering Skia content outside of the bounds of a clipping region. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5467)
 - A flaw exists in developer tools that is triggered as ownership models are incorrectly applied. This may allow a context-dependent attacker to cause a crash. (CVE-2017-5468)
 - Multiple overflow conditions exist in the FLEX generated code. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5469)
 - Multiple unspecified flaws exist that are triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5429 ,CVE-2017-5430)

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Gregoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.

From Red Hat Security Advisory 2017:1106 :

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es) :

* Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Gregoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.

Mozilla Foundation reports :

Please reference CVE/URL list for details

ID	Name	Product	Family	Severity
102694	SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)	Nessus	SuSE Local Security Checks	high
101457	Virtuozzo 7 : firefox (VZLSA-2017-1106)	Nessus	Virtuozzo Local Security Checks	high
101055	SUSE SLED12 / SLES12 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2017:1669-1)	Nessus	SuSE Local Security Checks	high
100688	EulerOS 2.0 SP2 : firefox (EulerOS-SA-2017-1093)	Nessus	Huawei Local Security Checks	high
100687	EulerOS 2.0 SP1 : firefox (EulerOS-SA-2017-1092)	Nessus	Huawei Local Security Checks	high
100153	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox regression (USN-3260-2)	Nessus	Ubuntu Local Security Checks	high
99632	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus	Windows	high
99631	Mozilla Firefox ESR 52.x < 52.1 Multiple Vulnerabilities	Nessus	Windows	high
99629	Mozilla Firefox < 53 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99628	Mozilla Firefox ESR < 52.1 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99626	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox vulnerabilities (USN-3260-1)	Nessus	Ubuntu Local Security Checks	high
99619	Scientific Linux Security Update : firefox on SL7.x x86_64	Nessus	Scientific Linux Local Security Checks	high
700065	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
99572	RHEL 7 : firefox (RHSA-2017:1106)	Nessus	Red Hat Local Security Checks	high
99565	Oracle Linux 7 : firefox (ELSA-2017-1106)	Nessus	Oracle Linux Local Security Checks	high
99539	CentOS 7 : firefox (CESA-2017:1106)	Nessus	CentOS Local Security Checks	high
99496	FreeBSD : mozilla -- multiple vulnerabilities (5e0a038a-ca30-416d-a2f5-38cbf5e7df33)	Nessus	FreeBSD Local Security Checks	high

CVE-2017-5455

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins