CLD-56 Details

Other IDs this deficiency may be known by:

CVE ID None
Other ID(s) mfsa2017-22

Basic Information:

Affected Package(s) firefox
Deficiency Type SECURITY
Date Created 2017-09-28 11:56:29
Date Last Modified 2017-09-28 13:29:55

Version Specific Information:

Cucumber 1.0 i686 fixed in firefox-52.4.0esr-i686-1
Cucumber 1.0 x86_64 fixed in firefox-52.4.0esr-x86_64-1

Cucumber 1.1 i686 fixed in firefox-52.4.0esr-i686-1
Cucumber 1.1 x86_64 fixed in firefox-52.4.0esr-x86_64-1

Details:

This CLD addresses the following CVE IDs:
	CVE-2017-7793: Use-after-free with Fetch API
	CVE-2017-7818: Use-after-free during ARIA array manipulation
	CVE-2017-7819: Use-after-free while resizing images in design mode
	CVE-2017-7824: Buffer overflow when drawing and validating elements with ANGLE
	CVE-2017-7805: Use-after-free in TLS 1.2 generating handshake hashes
	CVE-2017-7814: Blob and data URLs bypass phishing and malware protection warnings
	CVE-2017-7825: OS X fonts render some Tibetan and Arabic unicode characters as spaces
	CVE-2017-7823: CSP sandbox directive did not create a unique origin
	CVE-2017-7810: Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4

For more information see:
	https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/