./www/firefox52, Web browser with support for extensions (version 52)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 52.3.0nb2, Package name: firefox52-52.3.0nb2, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.


Required to run:
[sysutils/desktop-file-utils] [sysutils/dbus-glib] [textproc/icu] [graphics/MesaLib] [graphics/cairo] [graphics/jpeg] [net/libIDL] [devel/nspr] [devel/libffi] [devel/nss] [x11/gtk2] [textproc/hunspell] [x11/pixman] [audio/alsa-lib] [multimedia/libvpx] [x11/gtk3] [multimedia/ffmpeg3]

Required to build:
[pkgtools/x11-links] [devel/yasm] [x11/compositeproto] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/recordproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/xcb-proto] [x11/fixesproto4] [pkgtools/cwrappers]

Package options: alsa, dbus, gtk3

Master sites: (Expand)

SHA1: 10c9b836167b3d1dc500decd6e324adfebd6f854
RMD160: 9f43af8abbd449ea3921583d1b47de40b2b302a7
Filesize: 205939.355 KB

Version history: (Expand)


CVS history: (Expand)


   2017-09-18 11:53:40 by Maya Rashish | Files touched by this commit (676)
Log message:
revbump for requiring ICU 59.x
   2017-09-13 12:03:47 by Martin Husemann | Files touched by this commit (3)
Log message:
firefox52: hacks for sparc64/big endian platforms

While graphics support for big endian platforms ist still not quite
right, we prefer slightly garbled display (or missing items) over
browser crashes.
   2017-09-08 04:38:46 by Ryo ONODERA | Files touched by this commit (132)
Log message:
Recursive revbump from audio/pulseaudio-11.0
   2017-08-19 06:13:51 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 52.3.0

Changelog:
#CVE-2017-7798: XUL injection in the style editor in devtools

Reporter
    Frederik Braun
Impact
    critical

Description

The Developer Tools feature suffers from a XUL injection vulnerability due to \ 
improper sanitization of the web page source code. In the worst case, this could \ 
allow arbitrary code execution when opening a malicious page with the style \ 
editor tool.
References

    Bug 1371586, 1372112

#CVE-2017-7800: Use-after-free in WebSockets during disconnection

Reporter
    Looben Yang
Impact
    critical

Description

A use-after-free vulnerability can occur in WebSockets when the object holding \ 
the connection is freed before the disconnection operation is finished. This \ 
results in an exploitable crash.
References

    Bug 1374047

#CVE-2017-7801: Use-after-free with marquee during window resizing

Reporter
    Nils
Impact
    critical

Description

A use-after-free vulnerability can occur while re-computing layout for a marquee \ 
element during window resizing where the updated style object is freed while \ 
still in use. This results in a potentially exploitable crash.
References

    Bug 1371259

#CVE-2017-7809: Use-after-free while deleting attached editor DOM node

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when an editor DOM node is deleted \ 
prematurely during tree traversal while still bound to the document. This \ 
results in a potentially exploitable crash.
References

    Bug 1380284

#CVE-2017-7784: Use-after-free with image observers

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when reading an image observer during \ 
frame reconstruction after the observer has been freed. This results in a \ 
potentially exploitable crash.
References

    Bug 1376087

#CVE-2017-7802: Use-after-free resizing image elements

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when manipulating the DOM during the \ 
resize event of an image element. If these elements have been freed due to a \ 
lack of strong references, a potentially exploitable crash may occur when the \ 
freed elements are accessed.
References

    Bug 1378147

#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM

Reporter
    Nils
Impact
    high

Description

A buffer overflow can occur when manipulating Accessible Rich Internet \ 
Applications (ARIA) attributes within the DOM. This results in a potentially \ 
exploitable crash.
References

    Bug 1356985

#CVE-2017-7786: Buffer overflow while painting non-displayable SVG

Reporter
    Nils
Impact
    high

Description

A buffer overflow can occur when the image renderer attempts to paint \ 
non-displayable SVG elements. This results in a potentially exploitable crash.
References

    Bug 1365189

#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements

Reporter
    SkyLined
Impact
    high

Description

An out-of-bounds read occurs when applying style rules to pseudo-elements, such \ 
as ::first-line, using cached style data.
References

    Bug 1353312

#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads

Reporter
    Oliver Wagner
Impact
    high

Description

Same-origin policy protections can be bypassed on pages with embedded iframes \ 
during page reloads, allowing the iframes to access content on the top level \ 
page, leading to information disclosure.
References

    Bug 1322896

#CVE-2017-7807: Domain hijacking through AppCache fallback

Reporter
    Mathias Karlsson
Impact
    high

Description

A mechanism that uses AppCache to hijack a URL in a domain using fallback by \ 
serving the files from a sub-path on the domain. This has been addressed by \ 
requiring fallback files be inside the manifest directory.
References

    Bug 1376459

#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID

Reporter
    Fraser Tweedale
Impact
    high

Description

A buffer overflow will occur when viewing a certificate in the certificate \ 
manager if the certificate has an extremely long object identifier (OID). This \ 
results in a potentially exploitable crash.
References

    Bug 1368652

#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher

Reporter
    Stephen Fewer
Impact
    high

Description

The destructor function for the WindowsDllDetourPatcher class can be re-purposed \ 
by malicious code in concert with another vulnerability to write arbitrary data \ 
to an attacker controlled location in memory. This can be used to bypass \ 
existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating \ 
systems are not affected.
References

    Bug 1372849

#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal \ 
alerts

Reporter
    Jose María Acuña
Impact
    moderate

Description

On pages containing an iframe, the data: protocol can be used to create a modal \ 
alert that will render over arbitrary domains following page navigation, \ 
spoofing of the origin of the modal alert from the iframe content.
References

    Bug 1365875

#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections

Reporter
    Arthur Edelstein
Impact
    moderate

Description

An error in the WindowsDllDetourPatcher where a RWX \ 
("Read/Write/Execute") 4k block is allocated but never protected, \ 
violating DEP his attack only affects Windows operating systems. Other operating \ 
systems are not affected.
References

    Bug 1344034

#CVE-2017-7803: CSP containing 'sandbox' improperly applied

Reporter
    Rhys Enniks
Impact
    moderate

Description

When a pageâ€er directives are ignored. This results in the incorrect \ 
enforcement of CSP.
References

    Bug 1377426

#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

Reporter
    Mozilla developers and community
Impact
    critical

Descrlla developers and community members Masayuki Nakano, Gary Kwong, Ronald \ 
Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van \ 
Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and \ 
Andi-Bogdan Postelnicu reported presume that with enough effort that some of \ 
these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
   2017-07-16 12:48:17 by Jared D. McNeill | Files touched by this commit (4)
Log message:
Adopt ARM patches from devel/protobuf; makes firefox work on NetBSD/evbarm
   2017-07-12 03:49:34 by Ryo ONODERA | Files touched by this commit (1)
Log message:
Bump required devel/nspr version to fix potential configure error
   2017-07-09 11:04:00 by Maya Rashish | Files touched by this commit (3) | Package updated
Log message:
firefox{,45,52}: bump pkgrevision with no change.

these packages pull in GCC_REQD+=4.9 via mozilla-common.mk, and
are very widely used (I suspect only www/firefox actually needs it)

this will take care of most of the fallout from major bumping
pkgsrc-gcc-libstdc++ to 7 on netbsd. these are the most widely
used packages setting GCC_REQD>4.8.
   2017-07-03 18:26:59 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 52.2.1

Changelog:
52.2.1
    Printing text does not work on Windows when Direct2D is disabled (Bug 1318845)

52.2.0
 #CVE-2017-5472: Use-after-free using destroyed node when regenerating trees
 #CVE-2017-7749: Use-after-free during docshell reloading
 #CVE-2017-7750: Use-after-free with track elements
 #CVE-2017-7751: Use-after-free with content viewer listeners
 #CVE-2017-7752: Use-after-free with IME input
 #CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
 #CVE-2017-7755: Privilege escalation through Firefox Installer with same \ 
directory DLL files
 #CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors
 #CVE-2017-7757: Use-after-free in IndexedDB
 #CVE-2017-7778: Vulnerabilities in the Graphite 2 library
 #CVE-2017-7758: Out-of-bounds read in Opus encoder
 #CVE-2017-7760: File manipulation and privilege escalation via callback \ 
parameter in Mozilla Windows Updater and Maintenance Service
 #CVE-2017-7761: File deletion and privilege escalation through Mozilla \ 
Maintenance Service helper.exe application
 #CVE-2017-7763: Mac fonts render some unicode characters as spaces
 #CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and \ 
other unicode blocks
 #CVE-2017-7765: Mark of the Web bypass when saving executable files
 #CVE-2017-7766: File execution and privilege escalation through updater.ini, \ 
Mozilla Windows Updater, and Mozilla Maintenance Service
 #CVE-2017-7767: Privilege escalation and arbitrary file overwrites through \ 
Mozilla Windows Updater and Mozilla Maintenance Service
 #CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service
 #CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.252.2.0

52.1.2
    FIx hangs when using a proxy with NTLM authentication (bug 1360574)