openSUSE Security Update : Mozilla Firefox (openSUSE-2017-509)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Mozilla Firefox was updated to Firefox 52.1.0esr.

The following vulnerabilities were fixed (bsc#1035082) :

- CVE-2017-5443: Out-of-bounds write during BinHex decoding

- CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

- CVE-2017-5464: Memory corruption with accessibility and DOM manipulation

- CVE-2017-5465: Out-of-bounds read in ConvolvePixel

- CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL

- CVE-2017-5467: Memory corruption when drawing Skia content

- CVE-2017-5460: Use-after-free in frame selection

- CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS

- CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor

- CVE-2017-5449: Crash during bidirectional unicode manipulation with animation

- CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data

- CVE-2017-5447: Out-of-bounds read during glyph processing

- CVE-2017-5444: Buffer overflow while parsing application/http-index-format content

The package is now following the ESR 52 branch :

- Enable plugin support by default

- Service workers are disabled by default

- Push notifications are disabled by default

- WebAssembly (wasm) is disabled

- Less use of multiprocess architecture Electrolysis (e10s)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1035082

Solution :

Update the affected Mozilla Firefox packages.

Risk factor :

High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
