firefox-esr: Security vulnerabilities (CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380, CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)
CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
CVE-2017-5376: Use-after-free in XSL
CVE-2017-5378: Pointer and frame data leakage of JavaScript objects
CVE-2017-5380: Potential use-after-free during DOM manipulations
CVE-2017-5383: Location bar spoofing with Unicode characters
CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
CVE-2017-5396: Use-after-free with Media Decoder
Fixed in:
Firefox ESR 45.7
Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/
(from redmine: issue id 6745, created on 2017-01-26, closed on 2017-01-28)
- Relations:
- child #6746 (closed)
- child #6747 (closed)