97940

1038320

https://bugzilla.mozilla.org/show_bug.cgi?id=1329521

https://www.mozilla.org/security/advisories/mfsa2017-10/

USN-3260-1 fixed vulnerabilities in Firefox. The update caused the date picker panel and form validation errors to close immediately on opening. This update fixes the problem.

We apologize for the inconvenience.

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469)

A flaw was discovered in the DRBG number generation in NSS.
If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of Mozilla Firefox installed on the remote Windows host is prior to 53. It is, therefore, affected by the following vulnerabilities :

  - Multiple buffer overflow conditions exist in the FLEX     generated code due to improper validation of certain     input. An unauthenticated, remote attacker can exploit     these to execute arbitrary code. (CVE-2016-6354,     CVE-2017-5469)

  - Multiple flaws exist in the Libevent library, within     files evdns.c and evutil.c, due to improper validation     of input when handling IP address strings, empty base     name strings, and DNS packets. An unauthenticated,     remote attacker can exploit these to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197,     CVE-2017-5437)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-5429, CVE-2017-5430)

  - A use-after-free error exists in input text selection     that allows an unauthenticated, remote attacker to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5432)

  - A use-after-free error exists in the SMIL animation     functions when handling animation elements. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5433)

  - A use-after-free error exists when redirecting focus     handling that allows an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-5434)

  - A use-after-free error exists in design mode     interactions when handling transaction processing in     the editor. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5435)

  - An out-of-bounds write error exists in the Graphite 2     library when handling specially crafted Graphite fonts.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5436)

  - A use-after-free error exists in the nsAutoPtr()     function during XSLT processing due to the result     handler being held by a freed handler. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5438)

  - A use-after-free error exists in the Length() function     in nsTArray when handling template parameters during     XSLT processing. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5439)

  - A use-after-free error exists in the txExecutionState     destructor when processing XSLT content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5440)

  - A use-after-free error exists when holding a selection     during scroll events. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2017-5441)

  - A use-after-free error exists when changing styles in     DOM elements that allows an unauthenticated, remote     attacker to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-5442)

  - An out-of-bounds write error exists while decoding     improperly formed BinHex format archives that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5443)

  - A buffer overflow condition exists while parsing     application/http-index-format format content due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via     improperly formatted data, to disclose out-of-bounds     memory content. (CVE-2017-5444)

  - A flaw exists in nsDirIndexParser.cpp when parsing     application/http-index-format format content in which     uninitialized values are used to create an array. An     unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2017-5445)

  - An out-of-bounds read error exists when handling HTTP/2     DATA connections to a server that sends DATA frames with     incorrect content. An unauthenticated, remote attacker     can exploit to cause a denial of service condition or     the disclosure of memory contents. (CVE-2017-5446)

  - An out-of-bounds read error exists when processing glyph     widths during text layout. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the disclosure of memory contents.
    (CVE-2017-5447)

  - An out-of-bounds write error exists in the     ClearKeyDecryptor::Decrypt() function within file     ClearKeyDecryptionManager.cpp when decrypting     Clearkey-encrypted media content. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    This vulnerability can only be exploited if a secondary     mechanism can be used to escape the Gecko Media Plugin     (GMP) sandbox. (CVE-2017-5448)

  - A flaw exists when handling bidirectional Unicode text     in conjunction with CSS animations that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution or arbitrary code.
    (CVE-2017-5449)

  - A flaw exists in the handling of specially crafted     'onblur' events. An unauthenticated, remote attacker can     exploit this, via a specially crafted event, to spoof     the address bar, making the loaded site appear to be     different from the one actually loaded. (CVE-2017-5451)

  - A flaw exists in the RSS reader preview page due to     improper sanitization of URL parameters for a feed's     TITLE element. An unauthenticated, remote attacker can     exploit this to spoof the TITLE element. However, no     scripted content can be run. (CVE-2017-5453)

  - A flaw exists in the FileSystemSecurity::Forget()     function within file FileSystemSecurity.cpp when using     the File Picker due to improper sanitization of input     containing path traversal sequences. An unauthenticated,     remote attacker can exploit this to bypass file system     access protections in the sandbox and read arbitrary     files on the local file system. (CVE-2017-5454)

  - An unspecified flaw exists in the internal feed reader     APIs when handling messages. An unauthenticated, remote     attacker can exploit this to escape the sandbox and     gain elevated privileges if it can be combined with     another vulnerability that allows remote code execution     inside the sandboxed process. (CVE-2017-5455)

  - A flaw exists in the Entries API when using a file     system request constructor through an IPC message. An     unauthenticated, remote attacker can exploit this to     bypass file system access protections in the sandbox     and gain read and write access to the local file system.
    (CVE-2017-5456)

  - A reflected cross-site scripting (XSS) vulnerability     exists when dragging and dropping a 'javascript:' URL     into the address bar due to improper validation of     input. An unauthenticated, remote attacker can exploit     this to execute arbitrary script code in a user's     browser session. (CVE-2017-5458)

  - A buffer overflow condition exists in WebGL when     handling web content due to improper validation of     certain input. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5459)

  - A use-after-free error exists in frame selection when     handling a specially crafted combination of script     content and key presses by the user. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5460)

  - An out-of-bounds write error exists in the Network     Security Services (NSS) library during Base64 decoding     operations due to insufficient memory being allocated to     a buffer. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5461)

  - A flaw exists in the Network Security Services (NSS)     library during DRBG number generation due to the     internal state V not correctly carrying bits over. An     unauthenticated, remote attacker can exploit this to     potentially cause predictable random number generation.
    (CVE-2017-5462)

  - A flaw exists when making changes to DOM content in the     accessibility tree due to improper validation of certain     input, which can lead to the DOM tree becoming out of     sync with the accessibility tree. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2017-5464)

  - An out-of-bounds read error exists in ConvolvePixel when     processing SVG content, which allows for otherwise     inaccessible memory being copied into SVG graphic     content. An unauthenticated, remote attacker can exploit     this to disclose memory contents or cause a denial of     service condition. (CVE-2017-5465)

  - A cross-site script (XSS) vulnerability exists due to     improper handling of data:text/html URL redirects when     a reload is triggered, which causes the reloaded     data:text/html page to have its origin set incorrectly.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted request, to execute arbitrary     script code in a user's browser session. (CVE-2017-5466)

  - A memory corruption issue exists when rendering Skia     content outside of the bounds of a clipping region due     to improper validation of certain input. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5467)

  - A flaw exists in the developer tools due to an incorrect     ownership model of privateBrowsing information. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2017-5468)

The version of Mozilla Firefox installed on the remote macOS or Mac OS X host is prior to 53. It is, therefore, affected by the following vulnerabilities :

  - Multiple buffer overflow conditions exist in the FLEX     generated code due to improper validation of certain     input. An unauthenticated, remote attacker can exploit     these to execute arbitrary code. (CVE-2016-6354,     CVE-2017-5469)

  - Multiple flaws exist in the Libevent library, within     files evdns.c and evutil.c, due to improper validation     of input when handling IP address strings, empty base     name strings, and DNS packets. An unauthenticated,     remote attacker can exploit these to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2016-10195, CVE-2016-10196, CVE-2016-10197,     CVE-2017-5437)

  - Multiple memory corruption issues exist that allow an     unauthenticated, remote attacker to execute arbitrary     code. (CVE-2017-5429, CVE-2017-5430)

  - A use-after-free error exists in input text selection     that allows an unauthenticated, remote attacker to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5432)

  - A use-after-free error exists in the SMIL animation     functions when handling animation elements. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5433)

  - A use-after-free error exists when redirecting focus     handling that allows an unauthenticated, remote attacker     to cause a denial of service condition or the execution     of arbitrary code. (CVE-2017-5434)

  - A use-after-free error exists in design mode     interactions when handling transaction processing in     the editor. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5435)

  - An out-of-bounds write error exists in the Graphite 2     library when handling specially crafted Graphite fonts.
    An unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5436)

  - A use-after-free error exists in the nsAutoPtr()     function during XSLT processing due to the result     handler being held by a freed handler. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5438)

  - A use-after-free error exists in the Length() function     in nsTArray when handling template parameters during     XSLT processing. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5439)

  - A use-after-free error exists in the txExecutionState     destructor when processing XSLT content. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5440)

  - A use-after-free error exists when holding a selection     during scroll events. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the execution of arbitrary code.
    (CVE-2017-5441)

  - A use-after-free error exists when changing styles in     DOM elements that allows an unauthenticated, remote     attacker to cause a denial of service condition or the     execution of arbitrary code. (CVE-2017-5442)

  - An out-of-bounds write error exists while decoding     improperly formed BinHex format archives that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5443)

  - A buffer overflow condition exists while parsing     application/http-index-format format content due to     improper validation of user-supplied input. An     unauthenticated, remote attacker can exploit this, via     improperly formatted data, to disclose out-of-bounds     memory content. (CVE-2017-5444)

  - A flaw exists in nsDirIndexParser.cpp when parsing     application/http-index-format format content in which     uninitialized values are used to create an array. An     unauthenticated, remote attacker can exploit this to     disclose memory contents. (CVE-2017-5445)

  - An out-of-bounds read error exists when handling HTTP/2     DATA connections to a server that sends DATA frames with     incorrect content. An unauthenticated, remote attacker     can exploit to cause a denial of service condition or     the disclosure of memory contents. (CVE-2017-5446)

  - An out-of-bounds read error exists when processing glyph     widths during text layout. An unauthenticated, remote     attacker can exploit this to cause a denial of service     condition or the disclosure of memory contents.
    (CVE-2017-5447)

  - An out-of-bounds write error exists in the     ClearKeyDecryptor::Decrypt() function within file     ClearKeyDecryptionManager.cpp when decrypting     Clearkey-encrypted media content. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    This vulnerability can only be exploited if a secondary     mechanism can be used to escape the Gecko Media Plugin     (GMP) sandbox. (CVE-2017-5448)

  - A flaw exists when handling bidirectional Unicode text     in conjunction with CSS animations that allows an     unauthenticated, remote attacker to cause a denial of     service condition or the execution or arbitrary code.
    (CVE-2017-5449)

  - A flaw exists in the handling of specially crafted     'onblur' events. An unauthenticated, remote attacker can     exploit this, via a specially crafted event, to spoof     the address bar, making the loaded site appear to be     different from the one actually loaded. (CVE-2017-5451)

  - A flaw exists in the RSS reader preview page due to     improper sanitization of URL parameters for a feed's     TITLE element. An unauthenticated, remote attacker can     exploit this to spoof the TITLE element. However, no     scripted content can be run. (CVE-2017-5453)

  - A flaw exists in the FileSystemSecurity::Forget()     function within file FileSystemSecurity.cpp when using     the File Picker due to improper sanitization of input     containing path traversal sequences. An unauthenticated,     remote attacker can exploit this to bypass file system     access protections in the sandbox and read arbitrary     files on the local file system. (CVE-2017-5454)

  - An unspecified flaw exists in the internal feed reader     APIs when handling messages. An unauthenticated, remote     attacker can exploit this to escape the sandbox and     gain elevated privileges if it can be combined with     another vulnerability that allows remote code execution     inside the sandboxed process. (CVE-2017-5455)

  - A flaw exists in the Entries API when using a file     system request constructor through an IPC message. An     unauthenticated, remote attacker can exploit this to     bypass file system access protections in the sandbox     and gain read and write access to the local file system.
    (CVE-2017-5456)

  - A reflected cross-site scripting (XSS) vulnerability     exists when dragging and dropping a 'javascript:' URL     into the address bar due to improper validation of     input. An unauthenticated, remote attacker can exploit     this to execute arbitrary script code in a user's     browser session. (CVE-2017-5458)

  - A buffer overflow condition exists in WebGL when     handling web content due to improper validation of     certain input. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5459)

  - A use-after-free error exists in frame selection when     handling a specially crafted combination of script     content and key presses by the user. An unauthenticated,     remote attacker can exploit this to cause a denial of     service condition or the execution of arbitrary code.
    (CVE-2017-5460)

  - An out-of-bounds write error exists in the Network     Security Services (NSS) library during Base64 decoding     operations due to insufficient memory being allocated to     a buffer. An unauthenticated, remote attacker can     exploit this to cause a denial of service condition or     the execution of arbitrary code. (CVE-2017-5461)

  - A flaw exists in the Network Security Services (NSS)     library during DRBG number generation due to the     internal state V not correctly carrying bits over. An     unauthenticated, remote attacker can exploit this to     potentially cause predictable random number generation.
    (CVE-2017-5462)

  - A flaw exists when making changes to DOM content in the     accessibility tree due to improper validation of certain     input, which can lead to the DOM tree becoming out of     sync with the accessibility tree. An unauthenticated,     remote attacker can exploit this to corrupt memory,     resulting in a denial of service condition or the     execution of arbitrary code. (CVE-2017-5464)

  - An out-of-bounds read error exists in ConvolvePixel when     processing SVG content, which allows for otherwise     inaccessible memory being copied into SVG graphic     content. An unauthenticated, remote attacker can exploit     this to disclose memory contents or cause a denial of     service condition. (CVE-2017-5465)

  - A cross-site script (XSS) vulnerability exists due to     improper handling of data:text/html URL redirects when     a reload is triggered, which causes the reloaded     data:text/html page to have its origin set incorrectly.
    An unauthenticated, remote attacker can exploit this,     via a specially crafted request, to execute arbitrary     script code in a user's browser session. (CVE-2017-5466)

  - A memory corruption issue exists when rendering Skia     content outside of the bounds of a clipping region due     to improper validation of certain input. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition or the execution of     arbitrary code. (CVE-2017-5467)

  - A flaw exists in the developer tools due to an incorrect     ownership model of privateBrowsing information. An     unauthenticated, remote attacker can exploit this to     cause a denial of service condition. (CVE-2017-5468)

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469)

A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information.
(CVE-2017-5462).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Versions of Mozilla Firefox prior to 53 are unpatched for the following vulnerabilities :

 - A use-after-free error exists that is related to certain text input selections. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5432)
 - A use-after-free error exists in the SMIL animation functions. The issue is triggered when handling animation elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5433)
 - A use-after-free error exists that is triggered when redirecting focus handling. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5434)
 - A use-after-free error exists that is triggered when processing transactions in the editor during design mode interactions. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5435)
 - A use-after-free error exists in the 'nsAutoPtr()' function that is triggered during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5438)
 - A use-after-free error exists in the 'Length()' function in 'nsTArray' that is triggered when handling template parameters during XSLT processing. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5439)
 - A use-after-free error exists in the 'txExecutionState' destructor that is triggered during the processing of XSLT content. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5440)
 - A use-after-free error exists that is triggered when holding a selection during scroll events. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5441)
 - A use-after-free error exists that is triggered when changing styles in DOM elements. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5442)
 - An out-of-bounds write flaw exists that is triggered during the decoding of improperly formed BinHex format archives. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5443)
 - An overflow condition exists that is triggered as certain input is not properly validated when parsing 'application/http-index-format' content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5444)
 - A flaw exists in 'nsDirIndexParser.cpp' related to the use of uninitialized data. The issue is triggered when parsing 'application/http-index-format' content. This may allow a context-dependent attacker to disclose memory contents. (CVE-2017-5445)
 - An out-of-bounds read flaw exists that is triggered when handling HTTP/2 DATA connections that send DATA frames with incorrect data content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5446)
 - An out-of-bounds read flaw exists that is triggered when processing glyph widths during text layouts. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5447)
 - An out-of-bounds write flaw exists in the 'ClearKeyDecryptor::Decrypt()' function in 'ClearKeyDecryptionManager.cpp' that is triggered when decrypting Clearkey-encrypted media content. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5448)
 - A flaw exists that is triggered during the handling of bidirectional unicode text with CSS animations. This may allow a context-dependent attacker to potentially execute arbitrary code. (CVE-2017-5449)
 - A flaw exists that is triggered during the parsing of base domains that contain 'javascript: URI'. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5450)
 - A flaw exists that is triggered during the handling of a specially crafted 'onblur' event. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5451)
 - A flaw exists that is triggered when selecting an HTML editable page element while the existing location bar has been scrolled out of view. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5452)
 - A flaw exists in the RSS reader preview page that is triggered as input supplied via URL parameters is not properly sanitized. This may allow a context-dependent attacker to spoof the 'TITLE' element. (CVE-2017-5453)
 - A flaw exists in the 'FileSystemSecurity::Forget()' function in 'FileSystemSecurity.cpp'. The issue is triggered as input containing path traversal style sequences (e.g. '../') is not properly sanitized when using the File Picker. This may allow a context-dependent attacker to bypass file system access protections and read arbitrary files from the local file system. (CVE-2017-5454)
 - An unspecified flaw exists in the internal feed reader APIs that is triggered when handling messages. This may allow a context-dependent attacker to bypass the sandbox. (CVE-2017-5455)
 - A flaw exists in the Entries API that is triggered when using a file system request constructor through an IPC message. This may allow a context-dependent attacker to bypass the file system access protections and gain read and write access to the local file system. (CVE-2017-5456)
 - A flaw exists that allows a reflected XSS attack. This flaw exists because the program does not validate input when dragging and dropping a 'javascript: URL' into the address bar. This may allow a context-dependent attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-5458)
 - An overflow condition exists in WebGL. The issue is triggered as certain input is not properly validated when handling web content. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5459)
 - A use-after-free error exists in frame selection that is triggered when handling a combination of malicious script content and key presses. This may allow a context-dependent attacker to dereference already freed memory and potentially execute arbitrary code. (CVE-2017-5460)
 - An overflow condition exists in Base64 decoding. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. (CVE-2017-5461)
 - A flaw exists in the DRBG number generation that is triggered as internal state V does not correctly carry bits over. This may result in potentially predictable random number generation. (CVE-2017-5462)
 - A flaw exists that is triggered during the handling of a specially crafted URL with android intents. This may allow a context-dependent attacker to spoof a valid address bar. (CVE-2017-5463)
 - A flaw exists that is triggered as certain input is not properly validated when making changes to DOM content in the accessibility tree. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5464)
 - An out-of-bounds read flaw exists in 'ConvolvePixel' that is triggered when processing specially crafted SVG content. This may allow a context-dependent attacker to potentially disclose memory contents. (CVE-2017-5465)
 - A flaw exists that allows a cross-site scripting (XSS) attack. This flaw exists because the program does not validate input when handling 'data:text/html' URL redirects before returning it to users. This may allow a context-dependent attacker to create a specially crafted request that will execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. (CVE-2017-5466)
 - A flaw exists that is triggered as certain input is not properly validated when rendering Skia content outside of the bounds of a clipping region. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5467)
 - A flaw exists in developer tools that is triggered as ownership models are incorrectly applied. This may allow a context-dependent attacker to cause a crash. (CVE-2017-5468)
 - Multiple overflow conditions exist in the FLEX generated code. The issue is triggered as certain input is not properly validated. This may allow a context-dependent attacker to cause a buffer overflow, potentially allowing the execution of arbitrary code. (CVE-2017-5469)
 - Multiple unspecified flaws exist that are triggered as certain input is not properly validated. This may allow a context-dependent attacker to corrupt memory and potentially execute arbitrary code. (CVE-2017-5429 ,CVE-2017-5430)

Mozilla Foundation reports :

Please reference CVE/URL list for details

ID	Name	Product	Family	Severity
100153	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox regression (USN-3260-2)	Nessus	Ubuntu Local Security Checks	high
99632	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus	Windows	high
99629	Mozilla Firefox < 53 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
99626	Ubuntu 14.04 LTS / 16.04 LTS / 16.10 / 17.04 : firefox vulnerabilities (USN-3260-1)	Nessus	Ubuntu Local Security Checks	high
700065	Mozilla Firefox < 53 Multiple Vulnerabilities	Nessus Network Monitor	Web Clients	high
99496	FreeBSD : mozilla -- multiple vulnerabilities (5e0a038a-ca30-416d-a2f5-38cbf5e7df33)	Nessus	FreeBSD Local Security Checks	high

CVE-2017-5468

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins