AVG-375

Package firefox
Status Fixed
Severity Critical
Type multiple issues
Affected 54.0.1-1
Fixed 55.0-1
Current 60.0.2-1 [extra]
Ticket None
Created Wed Aug 9 20:31:53 2017
Issue Severity Remote Type Description
CVE-2017-7809 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when an editor DOM node is deleted prematurely during tree traversal while...
CVE-2017-7808 Medium Yes Information disclosure
A CSP information leak has been found in Firefox < 55.0. A content security policy (CSP) frame-ancestors directive containing origins with paths allows for...
CVE-2017-7807 High Yes Content spoofing
A domain hijacking flaw has been found in firefox < 55.0 and thunderbird < 52.3. A mechanism that uses AppCache to hijack a URL in a domain using fallback...
CVE-2017-7806 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in Firefox < 55.0, when the layer manager is freed too early when rendering specific SVG content, resulting in...
CVE-2017-7803 Medium Yes Access restriction bypass
A security issue has been found in firefox < 55.0 and thunderbird < 52.3. When a page’s content security policy (CSP) header contains a sandbox directive,...
CVE-2017-7802 Critical Yes Arbitrary code execution
A use-after-free vulnerability has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating the DOM during the resize event of an image...
CVE-2017-7801 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, while re-computing layout for a marquee element during window resizing where...
CVE-2017-7800 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, in WebSockets, when the object holding the connection is freed before the...
CVE-2017-7799 Medium Yes Cross-site scripting
A security issue has been found in Firefox < 55.0. JavaScript in the about:webrtc page is not sanitized properly being being assigned to innerHTML. Data on...
CVE-2017-7798 Critical Yes Arbitrary code execution
A XUL injection has been found in Firefox < 55.0, in the style editor in devtools. The Developer Tools feature suffers from a XUL injection vulnerability...
CVE-2017-7797 Low Yes Access restriction bypass
A security issue has been found in Firefox <55.0. Response header name interning does not have same-origin protections and these headers are stored in a...
CVE-2017-7794 Medium No Sandbox escape
A security issue has been found in Firefox < 55.0. On Linux systems, if the content process is compromised, the sandbox broker will allow files to be...
CVE-2017-7792 High Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when viewing a certificate in the certificate manager if the certificate has an...
CVE-2017-7791 Medium Yes Content spoofing
A content spoofing issue has been found in firefox < 55.0 and thunderbird < 52.3. On pages containing an iframe, the data: protocol can be used to create a...
CVE-2017-7789 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be...
CVE-2017-7788 Low Yes Access restriction bypass
A security issue has been found in Firefox < 55.0. When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not...
CVE-2017-7787 High Yes Same-origin policy bypass
Same-origin policy protections can be bypassed in firefox < 55.0 and thunderbird < 52.3, on pages with embedded iframes during page reloads, allowing the...
CVE-2017-7786 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when the image renderer attempts to paint non-displayable SVG elements. This...
CVE-2017-7785 Critical Yes Arbitrary code execution
A buffer overflow has been found in firefox < 55.0 and thunderbird < 52.3, when manipulating Accessible Rich Internet Applications (ARIA) attributes within...
CVE-2017-7784 Critical Yes Arbitrary code execution
A use-after-free issue has been found in firefox < 55.0 and thunderbird < 52.3, when reading an image observer during frame reconstruction after the...
CVE-2017-7783 Low Yes Denial of service
A denial of service has been found in Firefox < 55.0. If a long user name is used in a username/password combination in a site URL (such as...
CVE-2017-7781 Medium Yes Incorrect calculation
An elliptic curve point addition error has been found in Firefox < 55.0. An error occurs in the elliptic curve point addition algorithm that uses mixed...
CVE-2017-7780 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in Firefox < 55.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort...
CVE-2017-7779 Critical Yes Arbitrary code execution
Several memory safety bugs have been found in firefox < 55.0 and thunderbird < 52.3. Some of these bugs showed evidence of memory corruption and we presume...
CVE-2017-7753 High Yes Information disclosure
An out-of-bounds read  has been found in firefox < 55.0 and thunderbird < 52.3, when applying style rules to pseudo-elements, such as ::first-line, using...
Date Advisory Package Description
10 Aug 2017 ASA-201708-3 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2017-18/