openSUSE Security Update: Security update for Mozilla Firefox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1099-1 Rating: important References: #1035082 Cross-References: CVE-2017-5429 CVE-2017-5443 CVE-2017-5444 CVE-2017-5446 CVE-2017-5447 CVE-2017-5448 CVE-2017-5449 CVE-2017-5460 CVE-2017-5461 CVE-2017-5464 CVE-2017-5465 CVE-2017-5466 CVE-2017-5467 Affected Products: openSUSE Leap 42.2 openSUSE Leap 42.1 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: Mozilla Firefox was updated to Firefox 52.1.0esr. The following vulnerabilities were fixed (bsc#1035082): - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content The package is now following the ESR 52 branch: - Enable plugin support by default - service workers are disabled by default - push notifications are disabled by default - WebAssembly (wasm) is disabled - Less use of multiprocess architecture Electrolysis (e10s) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2017-509=1 - openSUSE Leap 42.1: zypper in -t patch openSUSE-2017-509=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (i586 x86_64): MozillaFirefox-52.1.0-57.6.1 MozillaFirefox-branding-upstream-52.1.0-57.6.1 MozillaFirefox-buildsymbols-52.1.0-57.6.1 MozillaFirefox-debuginfo-52.1.0-57.6.1 MozillaFirefox-debugsource-52.1.0-57.6.1 MozillaFirefox-devel-52.1.0-57.6.1 MozillaFirefox-translations-common-52.1.0-57.6.1 MozillaFirefox-translations-other-52.1.0-57.6.1 - openSUSE Leap 42.1 (x86_64): MozillaFirefox-52.1.0-61.1 MozillaFirefox-branding-upstream-52.1.0-61.1 MozillaFirefox-buildsymbols-52.1.0-61.1 MozillaFirefox-debuginfo-52.1.0-61.1 MozillaFirefox-debugsource-52.1.0-61.1 MozillaFirefox-devel-52.1.0-61.1 MozillaFirefox-translations-common-52.1.0-61.1 MozillaFirefox-translations-other-52.1.0-61.1 References: https://www.suse.com/security/cve/CVE-2017-5429.html https://www.suse.com/security/cve/CVE-2017-5443.html https://www.suse.com/security/cve/CVE-2017-5444.html https://www.suse.com/security/cve/CVE-2017-5446.html https://www.suse.com/security/cve/CVE-2017-5447.html https://www.suse.com/security/cve/CVE-2017-5448.html https://www.suse.com/security/cve/CVE-2017-5449.html https://www.suse.com/security/cve/CVE-2017-5460.html https://www.suse.com/security/cve/CVE-2017-5461.html https://www.suse.com/security/cve/CVE-2017-5464.html https://www.suse.com/security/cve/CVE-2017-5465.html https://www.suse.com/security/cve/CVE-2017-5466.html https://www.suse.com/security/cve/CVE-2017-5467.html https://bugzilla.suse.com/1035082 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org