openSUSE Security Update : Mozilla Firefox (openSUSE-2017-509)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

Mozilla Firefox was updated to Firefox 52.1.0esr.

The following vulnerabilities were fixed (bsc#1035082) :

- CVE-2017-5443: Out-of-bounds write during BinHex

- CVE-2017-5429: Memory safety bugs fixed in Firefox 53,
Firefox ESR 45.9, and Firefox ESR 52.1

- CVE-2017-5464: Memory corruption with accessibility and
DOM manipulation

- CVE-2017-5465: Out-of-bounds read in ConvolvePixel

- CVE-2017-5466: Origin confusion when reloading isolated
data:text/html URL

- CVE-2017-5467: Memory corruption when drawing Skia

- CVE-2017-5460: Use-after-free in frame selection

- CVE-2017-5461: Out-of-bounds write in Base64 encoding in

- CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor

- CVE-2017-5449: Crash during bidirectional unicode
manipulation with animation

- CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA
frames are sent with incorrect data

- CVE-2017-5447: Out-of-bounds read during glyph

- CVE-2017-5444: Buffer overflow while parsing
application/http-index-format content

The package is now following the ESR 52 branch :

- Enable plugin support by default

- service workers are disabled by default

- push notifications are disabled by default

- WebAssembly (wasm) is disabled

- Less use of multiprocess architecture Electrolysis

See also :

Solution :

Update the affected Mozilla Firefox packages.

Risk factor :

High / CVSS Base Score : 7.5

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now