Subject: CVS commit: pkgsrc/www/firefox52
From: Ryo ONODERA
Date: 2017-09-30 13:19:10
Message id: 20170930111910.15E18FBC7@cvs.NetBSD.org

Log Message:
Update to 52.4.0

* Remove an unnecessary patch

Changelog:
Fixed
    Various security fixes
    Various stability and regression fixes

Security fixes:
#CVE-2017-7793: Use-after-free with Fetch API

Reporter
    Abhishek Arya
Impact
    high

Description

A use-after-free vulnerability can occur in the Fetch API when the worker or the
associated window are freed when still in use, resulting in a potentially
exploitable crash.
References

    Bug 1371889

#CVE-2017-7818: Use-after-free during ARIA array manipulation

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when manipulating arrays of Accessible
Rich Internet Applications (ARIA) elements within containers through the DOM.
This results in a potentially exploitable crash.
References

    Bug 1363723

#CVE-2017-7819: Use-after-free while resizing images in design mode

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur in design mode when image objects are
resized if objects referenced during the resizing have been freed from memory.
This results in a potentially exploitable crash.
References

    Bug 1380292

#CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE

Reporter
    Omair, Andre Weissflog
Impact
    high

Description

A buffer overflow occurs when drawing and validating elements with the ANGLE
graphics library, used for WebGL content. This is due to an incorrect value
being passed within the library during checks and results in a potentially
exploitable crash.
References

    Bug 1398381

#CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

Reporter
    Martin Thomson
Impact
    high

Description

During TLS 1.2 exchanges, handshake hashes are generated which point to a
message buffer. This saved data is used for later messages but in some cases,
the handshake transcript can exceed the space available in the current buffer,
causing the allocation of a new buffer. This leaves a pointer pointing to the
old, freed buffer, resulting in a use-after-free when handshake hashes are then
calculated afterwards. This can result in a potentially exploitable crash.
References

    Bug 1377618

#CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings

Reporter
    François Marier
Impact
    moderate

Description

File downloads encoded with blob: and data: URL elements bypassed normal file
download checks through the Phishing and Malware Protection feature and its block
lists of suspicious sites and files. This would allow malicious sites to lure
users into downloading executables that would otherwise be detected as
suspicious.
References

    Bug 1376036

#CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces

Reporter
    Khalil Zhani
Impact
    moderate

Description

Several fonts on OS X display some Tibetan and Arabic characters as whitespace.
When used in the addressbar as part of an IDN this can be used for domain name
spoofing attacks.
Note: This attack only affects OS X operating systems. Other operating systems
are unaffected.
References

    Bug 1393624
    Bug 1390980

#CVE-2017-7823: CSP sandbox directive did not create a unique origin

Reporter
    Jun Kokatsu
Impact
    moderate

Description

The content security policy (CSP) sandbox directive did not create a unique
origin for the document, causing it to behave as if the allow-same-origin
keyword were always specified. This could allow a Cross-Site Scripting (XSS)
attack to be launched from unsafe content.
References

    Bug 1396320

#CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason
Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported
memory safety bugs present in Firefox 55 and Firefox ESR 52.3. Some of these
bugs showed evidence of memory corruption and we presume that with enough effort
some of these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

Files:
Revision  Action  file
1.9       modify  pkgsrc/www/firefox52/Makefile
1.7       modify  pkgsrc/www/firefox52/distinfo
1.1       remove  pkgsrc/www/firefox52/patches/patch-extensions_spellcheck_hunspell_glue_mozHunspell.cpp
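
Added example (not part of this commit and not NSS code): a simplified C model of the bug class described under CVE-2017-7805, where a saved reference into a growable transcript buffer goes stale once the buffer is reallocated. All names (hs_buf, hs_mark, hs_append, hs_resolve, demo) are hypothetical, and storing an offset instead of a pointer is shown as one common mitigation, not as the fix that was actually applied upstream.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of a growable handshake transcript buffer
 * (hypothetical names; not NSS code). */
struct hs_buf { unsigned char *data; size_t len, cap; };

/* Append n bytes; when space runs out, allocate a new block and free the old. */
static int hs_append(struct hs_buf *b, const void *msg, size_t n) {
    if (b->len + n > b->cap) {
        size_t ncap = (b->len + n) * 2;
        unsigned char *nd = malloc(ncap);
        if (!nd) return -1;
        if (b->len) memcpy(nd, b->data, b->len);
        free(b->data);   /* any raw pointer into the old block now dangles */
        b->data = nd;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, msg, n);
    b->len += n;
    return 0;
}

/* A saved reference kept as offset+length stays valid across reallocation. */
struct hs_mark { size_t off, len; };

static const unsigned char *hs_resolve(const struct hs_buf *b, struct hs_mark m) {
    if (m.off > b->len || m.len > b->len - m.off) return NULL; /* bounds check */
    return b->data + m.off;
}

/* Returns 1 when growth moved the buffer AND the offset mark still
 * resolves to the original bytes; -1 on allocation failure. */
static int demo(void) {
    struct hs_buf b = {0};
    const char first[] = "ClientHello";          /* constructed sample data */
    unsigned char big[256];
    memset(big, 0xAB, sizeof big);
    if (hs_append(&b, first, sizeof first - 1)) return -1;
    struct hs_mark m = { 0, sizeof first - 1 };
    uintptr_t old_base = (uintptr_t)b.data;      /* what a saved raw pointer would hold */
    if (hs_append(&b, big, sizeof big)) { free(b.data); return -1; }
    int moved = (uintptr_t)b.data != old_base;   /* old block was freed */
    const unsigned char *p = hs_resolve(&b, m);
    int ok = p && memcmp(p, first, m.len) == 0;
    free(b.data);
    return moved && ok;
}
```

The raw pointer is never dereferenced after the move; only its recorded address is compared, which is enough to show that a hash computed through it would read freed memory.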