Updated firefox packages fix security vulnerabilities
Publication date: 05 Oct 2017
Modification date: 05 Oct 2017
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2017-7793, CVE-2017-7805, CVE-2017-7810, CVE-2017-7814, CVE-2017-7818, CVE-2017-7819, CVE-2017-7823, CVE-2017-7824
Description
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS library when client authentication was used. A malicious client could use this flaw to cause an application compiled against NSS to crash or, potentially, execute arbitrary code with the permissions of the user running the application (CVE-2017-7805).
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823).
References
- https://bugs.mageia.org/show_bug.cgi?id=21785
- https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
- https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
- https://access.redhat.com/errata/RHSA-2017:2832
- https://access.redhat.com/errata/RHSA-2017:2831
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824
SRPMS
6/core
- firefox-52.4.0-1.mga6
- firefox-l10n-52.4.0-1.mga6
- nspr-4.17-1.mga6
- nss-3.28.6-1.mga6
5/core
- firefox-52.4.0-1.mga5
- firefox-l10n-52.4.0-1.mga5
- nspr-4.17-1.mga5
- nss-3.28.6-1.mga5