FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 56.0,1
linux-seamonkey < 2.49.1
seamonkey < 2.49.1
firefox-esr < 52.4.0,1
linux-firefox < 52.4.0,2
libxul < 52.4.0
linux-thunderbird < 52.4.0
thunderbird < 52.4.0

Details

VuXML ID 1098a15b-b0f6-42b7-b5c7-8a8646e8be07
Discovery 2017-09-28
Entry 2017-09-29
Modified 2017-10-03

Mozilla Foundation reports:

CVE-2017-7793: Use-after-free with Fetch API

CVE-2017-7817: Firefox for Android address bar spoofing through fullscreen mode

CVE-2017-7818: Use-after-free during ARIA array manipulation

CVE-2017-7819: Use-after-free while resizing images in design mode

CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE

CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes

CVE-2017-7812: Drag and drop of malicious page content to the tab bar can open locally stored files

CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings

CVE-2017-7813: Integer truncation in the JavaScript parser

CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces

CVE-2017-7815: Spoofing attack with modal dialogs on non-e10s installations

CVE-2017-7816: WebExtensions can load about: URLs in extension UI

CVE-2017-7821: WebExtensions can download and open non-executable files without user interaction

CVE-2017-7823: CSP sandbox directive did not create a unique origin

CVE-2017-7822: WebCrypto allows AES-GCM with 0-length IV

CVE-2017-7820: Xray wrapper bypass with new tab and web console

CVE-2017-7811: Memory safety bugs fixed in Firefox 56

CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

References

CVE Name CVE-2017-7793
CVE Name CVE-2017-7805
CVE Name CVE-2017-7810
CVE Name CVE-2017-7811
CVE Name CVE-2017-7812
CVE Name CVE-2017-7813
CVE Name CVE-2017-7814
CVE Name CVE-2017-7815
CVE Name CVE-2017-7816
CVE Name CVE-2017-7817
CVE Name CVE-2017-7818
CVE Name CVE-2017-7819
CVE Name CVE-2017-7820
CVE Name CVE-2017-7821
CVE Name CVE-2017-7822
CVE Name CVE-2017-7823
CVE Name CVE-2017-7824
CVE Name CVE-2017-7825
URL https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/
URL https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/