CLD-56 Details
Other IDs this deficiency may be known by:
CVE ID |
None |
Other ID(s) |
mfsa2017-22 |
Basic Information:
Affected Package(s) |
firefox |
Deficiency Type |
SECURITY |
Date Created |
2017-09-28 11:56:29 |
Date Last Modified |
2017-09-28 13:29:55 |
Version Specific Information:
Cucumber 1.0 i686 | fixed in firefox-52.4.0esr-i686-1 |
Cucumber 1.0 x86_64 | fixed in firefox-52.4.0esr-x86_64-1 |
Cucumber 1.1 i686 |
fixed in firefox-52.4.0esr-i686-1 |
Cucumber 1.1 x86_64 |
fixed in firefox-52.4.0esr-x86_64-1 |
Details:
This CLD addresses the following CVE IDs:
CVE-2017-7793: Use-after-free with Fetch API
CVE-2017-7818: Use-after-free during ARIA array manipulation
CVE-2017-7819: Use-after-free while resizing images in design mode
CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
CVE-2017-7823: CSP sandbox directive did not create a unique origin
CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
For more information see:
https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/