./www/firefox52, Web browser with support for extensions (version 52)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 52.5.0, Package name: firefox52-52.5.0, Maintainer: ryoon

Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.

It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.

Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.


Required to run:
[textproc/icu] [x11/gtk2] [textproc/hunspell] [x11/pixman] [audio/alsa-lib] [multimedia/libvpx] [x11/gtk3] [multimedia/ffmpeg3]

Required to build:
[pkgtools/x11-links] [x11/compositeproto] [x11/glproto] [x11/renderproto] [x11/xproto] [x11/xf86vidmodeproto] [x11/recordproto] [x11/xf86driproto] [x11/damageproto] [x11/inputproto] [x11/xextproto] [x11/randrproto] [x11/dri2proto] [x11/xcb-proto] [x11/fixesproto4] [pkgtools/cwrappers]

Package options: alsa, dbus, gtk3

Master sites: (Expand)

SHA1: 4941f498f8ec838b1bdc70fc8f13c8fde379ddce
RMD160: c451c1c7cbb5ba8cdf1e35d48f08725cc8bd329c
Filesize: 209219.906 KB

Version history: (Expand)


CVS history: (Expand)


   2017-11-17 01:19:01 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 52.5.0

Changelog:
Security fixes:
#CVE-2017-7828: Use-after-free of PressShell while restyling layout

Reporter
    Nils
Impact
    critical

Description

A use-after-free vulnerability can occur when flushing and resizing
layout because the PressShell object has been freed while still
in use. This results in a potentially exploitable crash during
these operations.

References

    Bug 1406750
    Bug 1412252

#CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

Reporter
    Jun Kokatsu
Impact
    high

Description

The Resource Timing API incorrectly revealed navigations in cross-origin
iframes. This is a same-origin policy violation and could allow for
data theft of URLs loaded by users.

References

    Memory safety bugs fixed in Firefox 57

#CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Christian Holler, David
Keeler, Jon Coppeard, Julien Cristau, Jan de Mooij, Jason Kratzer,
Philipp, Nicholas Nethercote, Oriol Brufau, André Bargull, Bob Clary,
Jet Villegas, Randell Jesup, Tyson Smith, Gary Kwong, and Ryan VanderMeulen
reported memory safety bugs present in Firefox 56 and Firefox ESR 52.4.
Some of these bugs showed evidence of memory corruption and we presume
that with enough effort that some of these could be exploited to
run arbitrary code.

References

    Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
   2017-11-09 20:17:19 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 52.4.1

Changelog:
Fixed
    Fixed a crash when playing videos on macOS 10.13

    Fixed a crash when using the color picker on macOS 10.13
   2017-09-30 13:19:10 by Ryo ONODERA | Files touched by this commit (3) | Package updated
Log message:
Update to 52.4.0

* Remove an unnecessary patch

Changelog:
Fixed
    Various security fixes
    Various stability and regression fixes

Security fixes:
#CVE-2017-7793: Use-after-free with Fetch API

Reporter
    Abhishek Arya
Impact
    high

Description

A use-after-free vulnerability can occur in the Fetch API when the worker or the \ 
associated window are freed when still in use, resulting in a potentially \ 
exploitable crash.
References

    Bug 1371889

#CVE-2017-7818: Use-after-free during ARIA array manipulation

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when manipulating arrays of Accessible \ 
Rich Internet Applications (ARIA) elements within containers through the DOM. \ 
This results in a potentially exploitable crash.
References

    Bug 1363723

#CVE-2017-7819: Use-after-free while resizing images in design mode

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur in design mode when image objects are \ 
resized if objects referenced during the resizing have been freed from memory. \ 
This results in a potentially exploitable crash.
References

    Bug 1380292

#CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE

Reporter
    Omair, Andre Weissflog
Impact
    high

Description

A buffer overflow occurs when drawing and validating elements with the ANGLE \ 
graphics library, used for WebGL content. This is due to an incorrect value \ 
being passed within the library during checks and results in a potentially \ 
exploitable crash.
References

    Bug 1398381

#CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

Reporter
    Martin Thomson
Impact
    high

Description

During TLS 1.2 exchanges, handshake hashes are generated which point to a \ 
message buffer. This saved data is used for later messages but in some cases, \ 
the handshake transcript can exceed the space available in the current buffer, \ 
causing the allocation of a new buffer. This leaves a pointer pointing to the \ 
old, freed buffer, resulting in a use-after-free when handshake hashes are then \ 
calculated afterwards. This can result in a potentially exploitable crash.
References

    Bug 1377618

#CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings

Reporter
    François Marier
Impact
    moderate

Description

File downloads encoded with blob: and data: URL elements bypassed normal file \ 
download checks though the Phishing and Malware Protection feature and its block \ 
lists of suspicious sites and files. This would allow malicious sites to lure \ 
users into downloading executables that would otherwise be detected as \ 
suspicious.
References

    Bug 1376036

#CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as \ 
spaces

Reporter
    Khalil Zhani
Impact
    moderate

Description

Several fonts on OS X display some Tibetan and Arabic characters as whitespace. \ 
When used in the addressbar as part of an IDN this can be used for domain name \ 
spoofing attacks.
Note: This attack only affects OS X operating systems. Other operating systems \ 
are unaffected.
References

    Bug 1393624
    Bug 1390980

#CVE-2017-7823: CSP sandbox directive did not create a unique origin

Reporter
    Jun Kokatsu
Impact
    moderate

Description

The content security policy (CSP) sandbox directive did not create a unique \ 
origin for the document, causing it to behave as if the allow-same-origin \ 
keyword were always specified. This could allow a Cross-Site Scripting (XSS) \ 
attack to be launched from unsafe content.
References

    Bug 1396320

#CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

Reporter
    Mozilla developers and community
Impact
    critical

Description

Mozilla developers and community members Christoph Diehl, Jan de Mooij, Jason \ 
Kratzer, Randell Jesup, Tom Ritter, Tyson Smith, and Sebastian Hengst reported \ 
memory safety bugs present in Firefox 55 and Firefox ESR 52.3. Some of these \ 
bugs showed evidence of memory corruption and we presume that with enough effort \ 
that some of these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
   2017-09-18 11:53:40 by Maya Rashish | Files touched by this commit (676)
Log message:
revbump for requiring ICU 59.x
   2017-09-13 12:03:47 by Martin Husemann | Files touched by this commit (3)
Log message:
firefox52: hacks for sparc64/big endian platforms

While graphics support for big endian platforms ist still not quite
right, we prefer slightly garbled display (or missing items) over
browser crashes.
   2017-09-08 04:38:46 by Ryo ONODERA | Files touched by this commit (132)
Log message:
Recursive revbump from audio/pulseaudio-11.0
   2017-08-19 06:13:51 by Ryo ONODERA | Files touched by this commit (2) | Package updated
Log message:
Update to 52.3.0

Changelog:
#CVE-2017-7798: XUL injection in the style editor in devtools

Reporter
    Frederik Braun
Impact
    critical

Description

The Developer Tools feature suffers from a XUL injection vulnerability due to \ 
improper sanitization of the web page source code. In the worst case, this could \ 
allow arbitrary code execution when opening a malicious page with the style \ 
editor tool.
References

    Bug 1371586, 1372112

#CVE-2017-7800: Use-after-free in WebSockets during disconnection

Reporter
    Looben Yang
Impact
    critical

Description

A use-after-free vulnerability can occur in WebSockets when the object holding \ 
the connection is freed before the disconnection operation is finished. This \ 
results in an exploitable crash.
References

    Bug 1374047

#CVE-2017-7801: Use-after-free with marquee during window resizing

Reporter
    Nils
Impact
    critical

Description

A use-after-free vulnerability can occur while re-computing layout for a marquee \ 
element during window resizing where the updated style object is freed while \ 
still in use. This results in a potentially exploitable crash.
References

    Bug 1371259

#CVE-2017-7809: Use-after-free while deleting attached editor DOM node

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when an editor DOM node is deleted \ 
prematurely during tree traversal while still bound to the document. This \ 
results in a potentially exploitable crash.
References

    Bug 1380284

#CVE-2017-7784: Use-after-free with image observers

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when reading an image observer during \ 
frame reconstruction after the observer has been freed. This results in a \ 
potentially exploitable crash.
References

    Bug 1376087

#CVE-2017-7802: Use-after-free resizing image elements

Reporter
    Nils
Impact
    high

Description

A use-after-free vulnerability can occur when manipulating the DOM during the \ 
resize event of an image element. If these elements have been freed due to a \ 
lack of strong references, a potentially exploitable crash may occur when the \ 
freed elements are accessed.
References

    Bug 1378147

#CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM

Reporter
    Nils
Impact
    high

Description

A buffer overflow can occur when manipulating Accessible Rich Internet \ 
Applications (ARIA) attributes within the DOM. This results in a potentially \ 
exploitable crash.
References

    Bug 1356985

#CVE-2017-7786: Buffer overflow while painting non-displayable SVG

Reporter
    Nils
Impact
    high

Description

A buffer overflow can occur when the image renderer attempts to paint \ 
non-displayable SVG elements. This results in a potentially exploitable crash.
References

    Bug 1365189

#CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements

Reporter
    SkyLined
Impact
    high

Description

An out-of-bounds read occurs when applying style rules to pseudo-elements, such \ 
as ::first-line, using cached style data.
References

    Bug 1353312

#CVE-2017-7787: Same-origin policy bypass with iframes through page reloads

Reporter
    Oliver Wagner
Impact
    high

Description

Same-origin policy protections can be bypassed on pages with embedded iframes \ 
during page reloads, allowing the iframes to access content on the top level \ 
page, leading to information disclosure.
References

    Bug 1322896

#CVE-2017-7807: Domain hijacking through AppCache fallback

Reporter
    Mathias Karlsson
Impact
    high

Description

A mechanism that uses AppCache to hijack a URL in a domain using fallback by \ 
serving the files from a sub-path on the domain. This has been addressed by \ 
requiring fallback files be inside the manifest directory.
References

    Bug 1376459

#CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID

Reporter
    Fraser Tweedale
Impact
    high

Description

A buffer overflow will occur when viewing a certificate in the certificate \ 
manager if the certificate has an extremely long object identifier (OID). This \ 
results in a potentially exploitable crash.
References

    Bug 1368652

#CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher

Reporter
    Stephen Fewer
Impact
    high

Description

The destructor function for the WindowsDllDetourPatcher class can be re-purposed \ 
by malicious code in concert with another vulnerability to write arbitrary data \ 
to an attacker controlled location in memory. This can be used to bypass \ 
existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating \ 
systems are not affected.
References

    Bug 1372849

#CVE-2017-7791: Spoofing following page navigation with data: protocol and modal \ 
alerts

Reporter
    Jose María Acuña
Impact
    moderate

Description

On pages containing an iframe, the data: protocol can be used to create a modal \ 
alert that will render over arbitrary domains following page navigation, \ 
spoofing of the origin of the modal alert from the iframe content.
References

    Bug 1365875

#CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections

Reporter
    Arthur Edelstein
Impact
    moderate

Description

An error in the WindowsDllDetourPatcher where a RWX \ 
("Read/Write/Execute") 4k block is allocated but never protected, \ 
violating DEP his attack only affects Windows operating systems. Other operating \ 
systems are not affected.
References

    Bug 1344034

#CVE-2017-7803: CSP containing 'sandbox' improperly applied

Reporter
    Rhys Enniks
Impact
    moderate

Description

When a pageâ€er directives are ignored. This results in the incorrect \ 
enforcement of CSP.
References

    Bug 1377426

#CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3

Reporter
    Mozilla developers and community
Impact
    critical

Descrlla developers and community members Masayuki Nakano, Gary Kwong, Ronald \ 
Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van \ 
Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and \ 
Andi-Bogdan Postelnicu reported presume that with enough effort that some of \ 
these could be exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
   2017-07-16 12:48:17 by Jared D. McNeill | Files touched by this commit (4)
Log message:
Adopt ARM patches from devel/protobuf; makes firefox work on NetBSD/evbarm