Subject: CVS commit: pkgsrc/www/firefox52
From: Ryo ONODERA
Date: 2017-09-30 13:19:10
Message id: 20170930111910.15E18FBC7@cvs.NetBSD.org
Log Message:
Update to 52.4.0
* Remove an unnecessary patch
Changelog:
Fixed
Various security fixes
Various stability and regression fixes
Security fixes:
#CVE-2017-7793: Use-after-free with Fetch API
Reporter
Abhishek Arya
Impact
high
Description
A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash.
References
Bug 1371889
#CVE-2017-7818: Use-after-free during ARIA array manipulation
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating arrays of Accessible Rich Internet Applications (ARIA) elements within containers through the DOM. This results in a potentially exploitable crash.
References
Bug 1363723
#CVE-2017-7819: Use-after-free while resizing images in design mode
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur in design mode when image objects are resized if objects referenced during the resizing have been freed from memory. This results in a potentially exploitable crash.
References
Bug 1380292
#CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
Reporter
Omair, Andre Weissflog
Impact
high
Description
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash.
References
Bug 1398381
#CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
Reporter
Martin Thomson
Impact
high
Description
During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.
References
Bug 1377618
#CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
Reporter
François Marier
Impact
moderate
Description
File downloads encoded with blob: and data: URL elements bypassed normal file download checks through the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious.
References
Bug 1376036
#CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
Reporter
Khalil Zhani
Impact
moderate
Description
Several fonts on OS X display some Tibetan and Arabic characters as whitespace. When used in the addressbar as part of an IDN this can be used for domain name spoofing attacks.
Note: This attack only affects OS X operating systems. Other operating systems are unaffected.
References
Bug 1393624
Bug 1390980
#CVE-2017-7823: CSP sandbox directive did not create a unique origin
Reporter
Jun Kokatsu
Impact
moderate
Description
The content security policy (CSP) sandbox directive did not create a unique origin for the document, causing it to behave as if the allow-same-origin keyword were always specified. This could allow a Cross-Site Scripting (XSS) attack to be launched from unsafe content.
References
Bug 1396320
#CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported memory safety bugs present in Firefox 55 and Firefox ESR 52.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
Files: