ESB-2017.2121 - [SUSE] Mozilla Firefox: Multiple vulnerabilities 2017-08-23

Printable version
PGP/GPG verifiable version

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.2121
       SUSE Security Update: Security update for MozillaFirefox, Mo
           zillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss
                              23 August 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          MozillaFirefox
                  mozilla-nss
                  firefox-gcc5
                  MozillaFirefox-branding-SLED
Publisher:        SUSE
Operating System: SUSE
Impact/Access:    Execute Arbitrary Code/Commands -- Remote with User Interaction
                  Cross-site Scripting            -- Remote with User Interaction
                  Denial of Service               -- Remote with User Interaction
                  Provide Misleading Information  -- Remote with User Interaction
                  Access Confidential Data        -- Existing Account            
Resolution:       Patch/Upgrade
CVE Names:        CVE-2017-7778 CVE-2017-7768 CVE-2017-7765
                  CVE-2017-7764 CVE-2017-7763 CVE-2017-7761
                  CVE-2017-7758 CVE-2017-7757 CVE-2017-7756
                  CVE-2017-7755 CVE-2017-7754 CVE-2017-7752
                  CVE-2017-7751 CVE-2017-7750 CVE-2017-7749
                  CVE-2017-5472 CVE-2017-5470 CVE-2017-5469
                  CVE-2017-5467 CVE-2017-5466 CVE-2017-5465
                  CVE-2017-5464 CVE-2017-5462 CVE-2017-5461
                  CVE-2017-5460 CVE-2017-5459 CVE-2017-5456
                  CVE-2017-5455 CVE-2017-5454 CVE-2017-5451
                  CVE-2017-5449 CVE-2017-5448 CVE-2017-5447
                  CVE-2017-5446 CVE-2017-5445 CVE-2017-5444
                  CVE-2017-5443 CVE-2017-5442 CVE-2017-5441
                  CVE-2017-5440 CVE-2017-5439 CVE-2017-5438
                  CVE-2017-5436 CVE-2017-5435 CVE-2017-5434
                  CVE-2017-5433 CVE-2017-5432 CVE-2017-5430
                  CVE-2017-5429 CVE-2016-10196 CVE-2015-5276

Reference:        ASB-2017.0091
                  ASB-2017.0065
                  ESB-2017.2096
                  ESB-2017.1868
                  ESB-2017.1683

- --------------------------BEGIN INCLUDED TEXT--------------------

   SUSE Security Update: Security update for MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:2235-1
Rating:             important
References:         #1025108 #1031485 #1035082 #1043960 #930392 
                    #930496 #935510 #939460 #945842 #953831 #954002 
                    #955382 #962765 #964468 #966220 #968771 
Cross-References:   CVE-2015-5276 CVE-2016-10196 CVE-2017-5429
                    CVE-2017-5430 CVE-2017-5432 CVE-2017-5433
                    CVE-2017-5434 CVE-2017-5435 CVE-2017-5436
                    CVE-2017-5438 CVE-2017-5439 CVE-2017-5440
                    CVE-2017-5441 CVE-2017-5442 CVE-2017-5443
                    CVE-2017-5444 CVE-2017-5445 CVE-2017-5446
                    CVE-2017-5447 CVE-2017-5448 CVE-2017-5449
                    CVE-2017-5451 CVE-2017-5454 CVE-2017-5455
                    CVE-2017-5456 CVE-2017-5459 CVE-2017-5460
                    CVE-2017-5461 CVE-2017-5462 CVE-2017-5464
                    CVE-2017-5465 CVE-2017-5466 CVE-2017-5467
                    CVE-2017-5469 CVE-2017-5470 CVE-2017-5472
                    CVE-2017-7749 CVE-2017-7750 CVE-2017-7751
                    CVE-2017-7752 CVE-2017-7754 CVE-2017-7755
                    CVE-2017-7756 CVE-2017-7757 CVE-2017-7758
                    CVE-2017-7761 CVE-2017-7763 CVE-2017-7764
                    CVE-2017-7765 CVE-2017-7768 CVE-2017-7778
                   
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Server 11-SP3-LTSS
                    SUSE Linux Enterprise Point of Sale 11-SP3
                    SUSE Linux Enterprise Debuginfo 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP3
______________________________________________________________________________

   An update that fixes 51 vulnerabilities is now available.

Description:

   This update for MozillaFirefox and mozilla-nss fixes the following issues:

   Security issues fixed:
   - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16)
     - CVE-2017-7758: Out-of-bounds read in Opus encoder
     - CVE-2017-7749: Use-after-free during docshell reloading
     - CVE-2017-7751: Use-after-free with content viewer listeners
     - CVE-2017-5472: Use-after-free using destroyed node when regenerating
       trees
     - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR
       52.2
     - CVE-2017-7752: Use-after-free with IME input
     - CVE-2017-7750: Use-after-free with track elements
     - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance
       Service
     - CVE-2017-7778: Vulnerabilities in the Graphite 2 library
     - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object
     - CVE-2017-7755: Privilege escalation through Firefox Installer with
       same directory DLL files
     - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header
       errors
     - CVE-2017-7757: Use-after-free in IndexedDB
     - CVE-2017-7761: File deletion and privilege escalation through Mozilla
       Maintenance Service helper.exe application
     - CVE-2017-7763: Mac fonts render some unicode characters as spaces
     - CVE-2017-7765: Mark of the Web bypass when saving executable files
     - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics
       and other unicode blocks

   - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12)
     - CVE-2016-10196: Vulnerabilities in Libevent library
     - CVE-2017-5443: Out-of-bounds write during BinHex decoding
     - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR
       45.9, and Firefox ESR 52.1
     - CVE-2017-5464: Memory corruption with accessibility and DOM
       manipulation
     - CVE-2017-5465: Out-of-bounds read in ConvolvePixel
     - CVE-2017-5466: Origin confusion when reloading isolated data:text/html
       URL
     - CVE-2017-5467: Memory corruption when drawing Skia content
     - CVE-2017-5460: Use-after-free in frame selection
     - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
     - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
     - CVE-2017-5449: Crash during bidirectional unicode manipulation with
       animation
     - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent
       with incorrect data
     - CVE-2017-5447: Out-of-bounds read during glyph processing
     - CVE-2017-5444: Buffer overflow while parsing
       application/http-index-format content
     - CVE-2017-5445: Uninitialized values used while parsing
       application/http- index-format content
     - CVE-2017-5442: Use-after-free during style changes
     - CVE-2017-5469: Potential Buffer overflow in flex-generated code
     - CVE-2017-5440: Use-after-free in txExecutionState destructor during
       XSLT processing
     - CVE-2017-5441: Use-after-free with selection during scroll events
     - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT
       processing
     - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
     - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
     - CVE-2017-5435: Use-after-free during transaction processing in the
       editor
     - CVE-2017-5434: Use-after-free during focus handling
     - CVE-2017-5433: Use-after-free in SMIL animation functions
     - CVE-2017-5432: Use-after-free in text input selection
     - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR
       52.1
     - CVE-2017-5459: Buffer overflow in WebGL
     - CVE-2017-5462: DRBG flaw in NSS
     - CVE-2017-5455: Sandbox escape through internal feed reader APIs
     - CVE-2017-5454: Sandbox escape allowing file system read access through
       file picker
     - CVE-2017-5456: Sandbox escape allowing local file system access
     - CVE-2017-5451: Addressbar spoofing with onblur event

   - General
     - CVE-2015-5276: Fix for C++11 std::random_device short reads
       (bsc#945842)

   Bugfixes:
   - workaround for Firefox hangs (bsc#1031485, bsc#1025108)
   - Update to gcc-5-branch head.
     * Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468),
       (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382).
   - Add fix to revert accidential libffi ABI breakage on AARCH64.
     (bsc#968771)
   - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again.
     (bsc#954002)
   - Fix libffi include install.  (bsc#935510)


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-MozillaFirefox-13237=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-MozillaFirefox-13237=1

   - SUSE Linux Enterprise Server 11-SP3-LTSS:

      zypper in -t patch slessp3-MozillaFirefox-13237=1

   - SUSE Linux Enterprise Point of Sale 11-SP3:

      zypper in -t patch sleposp3-MozillaFirefox-13237=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-MozillaFirefox-13237=1

   - SUSE Linux Enterprise Debuginfo 11-SP3:

      zypper in -t patch dbgsp3-MozillaFirefox-13237=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mozilla-nss-devel-3.29.5-47.3.2

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ppc64 s390x x86_64):

      MozillaFirefox-devel-52.2.0esr-72.5.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      firefox-libffi4-5.3.1+r233831-7.1
      firefox-libstdc++6-5.3.1+r233831-7.1
      libfreebl3-3.29.5-47.3.2
      libsoftokn3-3.29.5-47.3.2
      mozilla-nss-3.29.5-47.3.2
      mozilla-nss-tools-3.29.5-47.3.2

   - SUSE Linux Enterprise Server 11-SP4 (i586 ppc64 s390x x86_64):

      MozillaFirefox-52.2.0esr-72.5.2
      MozillaFirefox-branding-SLED-52-24.3.44
      MozillaFirefox-translations-52.2.0esr-72.5.2

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libfreebl3-32bit-3.29.5-47.3.2
      libsoftokn3-32bit-3.29.5-47.3.2
      mozilla-nss-32bit-3.29.5-47.3.2

   - SUSE Linux Enterprise Server 11-SP4 (ia64):

      libfreebl3-x86-3.29.5-47.3.2
      libsoftokn3-x86-3.29.5-47.3.2
      mozilla-nss-x86-3.29.5-47.3.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):

      MozillaFirefox-52.2.0esr-72.5.2
      MozillaFirefox-branding-SLED-52-24.3.44
      MozillaFirefox-translations-52.2.0esr-72.5.2
      firefox-libffi4-5.3.1+r233831-7.1
      firefox-libstdc++6-5.3.1+r233831-7.1
      libfreebl3-3.29.5-47.3.2
      libsoftokn3-3.29.5-47.3.2
      mozilla-nss-3.29.5-47.3.2
      mozilla-nss-tools-3.29.5-47.3.2

   - SUSE Linux Enterprise Server 11-SP3-LTSS (s390x x86_64):

      libfreebl3-32bit-3.29.5-47.3.2
      libsoftokn3-32bit-3.29.5-47.3.2
      mozilla-nss-32bit-3.29.5-47.3.2

   - SUSE Linux Enterprise Point of Sale 11-SP3 (i586):

      MozillaFirefox-52.2.0esr-72.5.2
      MozillaFirefox-branding-SLED-52-24.3.44
      MozillaFirefox-translations-52.2.0esr-72.5.2
      firefox-libffi4-5.3.1+r233831-7.1
      firefox-libstdc++6-5.3.1+r233831-7.1
      libfreebl3-3.29.5-47.3.2
      libsoftokn3-3.29.5-47.3.2
      mozilla-nss-3.29.5-47.3.2
      mozilla-nss-tools-3.29.5-47.3.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      mozilla-nss-debuginfo-3.29.5-47.3.2
      mozilla-nss-debugsource-3.29.5-47.3.2

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64):

      MozillaFirefox-debuginfo-52.2.0esr-72.5.2

   - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):

      MozillaFirefox-debuginfo-52.2.0esr-72.5.2
      firefox-gcc5-debuginfo-5.3.1+r233831-7.1
      firefox-gcc5-debugsource-5.3.1+r233831-7.1
      firefox-libffi-gcc5-debuginfo-5.3.1+r233831-7.1
      mozilla-nss-debuginfo-3.29.5-47.3.2
      mozilla-nss-debugsource-3.29.5-47.3.2


References:

   https://www.suse.com/security/cve/CVE-2015-5276.html
   https://www.suse.com/security/cve/CVE-2016-10196.html
   https://www.suse.com/security/cve/CVE-2017-5429.html
   https://www.suse.com/security/cve/CVE-2017-5430.html
   https://www.suse.com/security/cve/CVE-2017-5432.html
   https://www.suse.com/security/cve/CVE-2017-5433.html
   https://www.suse.com/security/cve/CVE-2017-5434.html
   https://www.suse.com/security/cve/CVE-2017-5435.html
   https://www.suse.com/security/cve/CVE-2017-5436.html
   https://www.suse.com/security/cve/CVE-2017-5438.html
   https://www.suse.com/security/cve/CVE-2017-5439.html
   https://www.suse.com/security/cve/CVE-2017-5440.html
   https://www.suse.com/security/cve/CVE-2017-5441.html
   https://www.suse.com/security/cve/CVE-2017-5442.html
   https://www.suse.com/security/cve/CVE-2017-5443.html
   https://www.suse.com/security/cve/CVE-2017-5444.html
   https://www.suse.com/security/cve/CVE-2017-5445.html
   https://www.suse.com/security/cve/CVE-2017-5446.html
   https://www.suse.com/security/cve/CVE-2017-5447.html
   https://www.suse.com/security/cve/CVE-2017-5448.html
   https://www.suse.com/security/cve/CVE-2017-5449.html
   https://www.suse.com/security/cve/CVE-2017-5451.html
   https://www.suse.com/security/cve/CVE-2017-5454.html
   https://www.suse.com/security/cve/CVE-2017-5455.html
   https://www.suse.com/security/cve/CVE-2017-5456.html
   https://www.suse.com/security/cve/CVE-2017-5459.html
   https://www.suse.com/security/cve/CVE-2017-5460.html
   https://www.suse.com/security/cve/CVE-2017-5461.html
   https://www.suse.com/security/cve/CVE-2017-5462.html
   https://www.suse.com/security/cve/CVE-2017-5464.html
   https://www.suse.com/security/cve/CVE-2017-5465.html
   https://www.suse.com/security/cve/CVE-2017-5466.html
   https://www.suse.com/security/cve/CVE-2017-5467.html
   https://www.suse.com/security/cve/CVE-2017-5469.html
   https://www.suse.com/security/cve/CVE-2017-5470.html
   https://www.suse.com/security/cve/CVE-2017-5472.html
   https://www.suse.com/security/cve/CVE-2017-7749.html
   https://www.suse.com/security/cve/CVE-2017-7750.html
   https://www.suse.com/security/cve/CVE-2017-7751.html
   https://www.suse.com/security/cve/CVE-2017-7752.html
   https://www.suse.com/security/cve/CVE-2017-7754.html
   https://www.suse.com/security/cve/CVE-2017-7755.html
   https://www.suse.com/security/cve/CVE-2017-7756.html
   https://www.suse.com/security/cve/CVE-2017-7757.html
   https://www.suse.com/security/cve/CVE-2017-7758.html
   https://www.suse.com/security/cve/CVE-2017-7761.html
   https://www.suse.com/security/cve/CVE-2017-7763.html
   https://www.suse.com/security/cve/CVE-2017-7764.html
   https://www.suse.com/security/cve/CVE-2017-7765.html
   https://www.suse.com/security/cve/CVE-2017-7768.html
   https://www.suse.com/security/cve/CVE-2017-7778.html
   https://bugzilla.suse.com/1025108
   https://bugzilla.suse.com/1031485
   https://bugzilla.suse.com/1035082
   https://bugzilla.suse.com/1043960
   https://bugzilla.suse.com/930392
   https://bugzilla.suse.com/930496
   https://bugzilla.suse.com/935510
   https://bugzilla.suse.com/939460
   https://bugzilla.suse.com/945842
   https://bugzilla.suse.com/953831
   https://bugzilla.suse.com/954002
   https://bugzilla.suse.com/955382
   https://bugzilla.suse.com/962765
   https://bugzilla.suse.com/964468
   https://bugzilla.suse.com/966220
   https://bugzilla.suse.com/968771

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWZ0ADIx+lLeg9Ub1AQisLA//U3I+B5YqMjuMf77t6shvl9qQsFTuJrro
wEC+pvneLUzgFnxz/dgoc6huEOK0CzEDZLHUKQQROhbd4B/DksuNQkJAdKv98XdL
uAOfA06KeH2m+tLMlR96pv9Ggb3Sk+0pIJefF16IZ3NUg/rJu4QhB+PYe53xb4yQ
dC8xYqmmTJmhF6jDSyq7l4gpXLkRT2FfmcyiujEY90UUuISIeJ7e6EM53tMHdWJd
3bZXutjv2VfBuyC3kBvKADa+ayjUlcTwK8YIqlmh3MSEoo8/NOJ0UyYQY/KolSnH
ot+3meKlgYs3Ln4rIbEECt61SJ/cixYKch0xcCOmXTX+81FFthMPYmdDaGkcft6L
dTozK8+uxbekBHIBlRxgefQ7dbj7sopIxM8/wLLoD2gLAIT28MbsUwZEPFseyP/o
KaJAVOQ9DBQhDfDl1Qs7bLlpWsiXDHYNpBe2dq8LUB+PlMugSNx2LAqHQZOLEqeK
2zGo8iCNvsyAy7RxbkXutX3oj2mzYXVSXfXyaayLs1rHaWTqkWtJTKZIKRLTbA0u
cYSx8q6Y96XTEvHSo4/Wuy3w6kaLyZoXiY8fTvAU/OSxd4Qeh2CN1ySNR/marAnD
DgF1o1Nf0/DGtmIMSujh3v+OnEI8/UqCIN7Ij6UYVaYhVcI/9Wqct+BTt3fOIXn2
BN+ORgCs8Vo=
=EHdi
-----END PGP SIGNATURE-----

« Back to bulletins