openSUSE Security Update : Mozilla Firefox and NSS (openSUSE-2017-1114)
Critical Nessus Plugin ID 103621
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update to Mozilla Firefox 52.4esr, along with Mozilla NSS 3.28.6, fixes security issues and bugs. The following vulnerabilities advised upstream under MFSA 2017-22 (boo#1060445) were fixed :
- CVE-2017-7793: Use-after-free with Fetch API
- CVE-2017-7818: Use-after-free during ARIA array manipulation
- CVE-2017-7819: Use-after-free while resizing images in design mode
- CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
- CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
- CVE-2017-7823: CSP sandbox directive did not create a unique origin
- CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4 The following security issue was fixed in Mozilla NSS 3.28.6 :
- CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes (bsc#1061005)
The following bug was fixed :
- boo#1029917: language accept header use incorrect locale
For compatibility reasons, java-1_8_0-openjdk was rebuilt to the updated version of NSS.
SolutionUpdate the affected Mozilla Firefox and NSS packages.