[3.6] firefox-esr: Multiple vulnerabilities (CVE-2017-7793, CVE-2017-7818, CVE-2017-7819, CVE-2017-7824, CVE-2017-7805, CVE-2017-7814, CVE-2017-7825, CVE-2017-7823, CVE-2017-7810)
CVE-2017-7793: Use-after-free with Fetch API
CVE-2017-7818: Use-after-free during ARIA array manipulation
CVE-2017-7819: Use-after-free while resizing images in design mode
CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
CVE-2017-7823: CSP sandbox directive did not create a unique origin
CVE-2017-7810: Memory safety bugs
Fixed in:
Firefox ESR 52.4
References:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/
(from redmine: issue id 8058, created on 2017-10-25, closed on 2017-11-30)
- Changesets:
- Revision 7117bcd5 by Natanael Copa on 2017-11-23T15:35:39Z:
community/firefox-esr: security upgrade to 52.5.0
fixes #8058