Debian DSA-3881-1 : firefox-esr - security update

High Nessus Plugin ID 100797

Synopsis

The remote Debian host is missing a security-related update.

Description

Several security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, denial of service or domain spoofing.

Debian follows the extended support releases (ESR) of Firefox. Support for the 45.x series has ended, so starting with this update we're now following the 52.x releases.

Solution

Upgrade the firefox-esr packages.

For the stable distribution (jessie), these problems have been fixed in version 52.2.0esr-1~deb8u1.

For the upcoming stable distribution (stretch), these problems will be fixed soon.

See Also

https://packages.debian.org/source/jessie/firefox-esr

https://www.debian.org/security/2017/dsa-3881

Plugin Details

Severity: High

ID: 100797

File Name: debian_DSA-3881.nasl

Version: 3.8

Type: local

Agent: unix

Published: 2017/06/15

Updated: 2019/07/15

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3.0

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:firefox-esr, cpe:/o:debian:debian_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2017/06/14

Vulnerability Publication Date: 2018/06/11

Reference Information

CVE: CVE-2017-5470, CVE-2017-5472, CVE-2017-7749, CVE-2017-7750, CVE-2017-7751, CVE-2017-7752, CVE-2017-7754, CVE-2017-7756, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764, CVE-2017-7771, CVE-2017-7772, CVE-2017-7773, CVE-2017-7774, CVE-2017-7776, CVE-2017-7777, CVE-2017-7778

DSA: 3881