AVG-157 log

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 50.1.0-1
Fixed 51.0.1-1
Current 133.0.3-2 [extra]
Ticket None
Created Sun Jan 29 18:44:24 2017
Issue Severity Remote Type Description
CVE-2017-5396 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in the Media Decoder of Firefox < 51 and Thunderbird < 45.7, when working with media files when some events...
CVE-2017-5393 Medium Yes Access restriction bypass
The mozAddonManager in Firefox < 51 allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could...
CVE-2017-5391 Medium Yes Privilege escalation
In Firefox < 51, special about: pages used by web content, such as RSS feeds, can load privileged about: pages in an iframe. If a content- injection bug...
CVE-2017-5390 High Yes Privilege escalation
The JSON viewer in the Developer Tools in Firefox < 51 and Thunderbird < 45.7 uses insecure methods to create a communication channel for copying and...
CVE-2017-5389 High Yes Access restriction bypass
WebExtensions in Firefox < 51 could use the mozAddonManager API by modifying the CSP headers on sites with the appropriate permissions and then using host...
CVE-2017-5388 Low Yes Denial of service
In Firefox < 51, a STUN server in conjunction with a large number of webkitRTCPeerConnection objects can be used to send large STUN packets in a short...
CVE-2017-5387 Low No Information disclosure
The existence of a specifically requested local file can be found in Firefox < 51 due to the double firing of the onerror when the source attribute on a...
CVE-2017-5386 Medium Yes Privilege escalation
WebExtension scripts in Firefox < 51 can use the data: protocol to affect pages loaded by other web extensions using this protocol, leading to potential...
CVE-2017-5385 Medium Yes Information disclosure
In Firefox < 51, data sent with in multipart channels, such as the multipart/x-mixed-replace MIME type, will ignore the referrer-policy response header,...
CVE-2017-5384 Medium Yes Information disclosure
Proxy Auto-Config (PAC) files in Firefox < 51 can specify a JavaScript function called for all URL requests with the full URL path which exposes more...
CVE-2017-5383 Medium Yes Content spoofing
URLs containing certain unicode glyphs for alternative hyphens and quotes do not properly trigger punycode display in Firefox < 51 and Thunderbird < 45.7,...
CVE-2017-5382 Medium Yes Information disclosure
Feed preview for RSS feeds in Firefox < 51 can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of...
CVE-2017-5381 Medium No Arbitrary file overwrite
The "export" function in the Firefox < 51 Certificate Viewer can force local filesystem navigation when the "common name" in a certificate contains slashes,...
CVE-2017-5380 High Yes Arbitrary code execution
A potential use-after-free vulnerability during DOM manipulation of SVG content has been in Firefox < 51 and Thunderbird < 45.7.
CVE-2017-5379 High Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51, in Web Animations, when interacting with cycle collection.
CVE-2017-5378 High Yes Information disclosure
An information disclosure vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, where hashed codes of JavaScript objects are shared between...
CVE-2017-5377 Critical Yes Arbitrary code execution
A memory corruption vulnerability in Skia that can occur when using transforms to make gradients, resulting in a potentially exploitable crash.
CVE-2017-5376 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 51 and Thunderbird < 45.7, while manipulating XSL in XSLT documents.
CVE-2017-5375 Critical Yes Arbitrary code execution
JIT code allocation in Firefox < 51 and Thunderbird < 45.7 can allow for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
CVE-2017-5374 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
CVE-2017-5373 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 51 and Thunderbird < 47.5. Some of these bugs showed evidence of memory corruption and we presume...
Date Advisory Package Type
29 Jan 2017 ASA-201701-39 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01