Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-5E0A038A-CA30-416D-A2F5-38CBF5E7DF33 (CVE-2017-5438): mozilla -- multiple vulnerabilities


Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 04/19/2017
Created: 07/25/2018
Added: 04/20/2017
Modified: 08/08/2018

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2017:1106:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es):

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Grégoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.

From ELSA-2017-1106:

[52.1.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[52.1.0-2] - Update to 52.1.0 ESR (Build3)
[52.1.0-1] - Update to 52.1.0 ESR

From ELSA-2017-1104:

[52.1.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat one - Force requirement of newer gdk-pixbuf2 to ensure a proper update (Todd Vierling) [orabug 19847484]
[52.1.0-2] - Update to 52.1.0 ESR (Build3)
[52.1.0-1] - Update to 52.1.0 ESR
[52.0-5] - Added fix for mozbz#1348168/CVE-2017-5428
[52.0-4] - Update to 52.0 ESR (b4)
[52.0-3] - Added fix for rhbz#1423012 - ppc64 gfx crashes
[52.0-2] - Enable system nss
[52.0-1] - Update to 52.0ESR (B1) - Build RHEL7 package for Gtk3
[52.0-0.13] - Added fix for rhbz#1414535
[52.0-0.12] - Update to 52.0b8
[52.0-0.11] - Readded addons patch
[52.0-0.10] - Update to 52.0b3
[52.0-0.9] - Update to 52.0b2
[52.0-0.8] - Update to 52.0b1
[52.0-0.5] - Firefox Aurora 52 testing build
[45.5.0-1] - Update to 45.5.0 ESR
[45.4.0-3] - Added upcoming upstream patches mozbz#1018486
[45.4.0-2] - Added Laszlo Ersek patch for aarch64 crashes
[45.4.0-1] - Update to 45.4.0 ESR
[45.3.0-1] - Update to 45.3.0 ESR
[45.2.0-3] - Added fix for mozbz#256180
[45.2.0-2] - Added fix for mozbz#975832, rhbz#1343202
[45.2.0-1] - Update to 45.2.0 ESR
[45.1.1-2] - Added fix for mozbz#1270046 - new Samba auth response
[45.1.1-1] - Update to 45.1.1 ESR
[45.1.0-3] - Disabled ffmpeg (rhbz#1330898)
[45.1.0-1] - Fixed some regressions introduced by rebase
[45.1.0-1] - Update to 45.1.0 ESR
[45.0.2-1] - Update to 45.0.2 ESR
[45.0.1-1] - Update to 45.0.1 ESR
[45.0-5] - Fixed crashed after start (rhbz#1323744, rhbz#1323738)
[45.0-4] - Added system-level location for configuring Firefox (rhbz#1206239)
[45.0-3] - Update to 45.0 ESR
[38.5.0-3] - Update to 38.5.0 ESR
[38.4.0-1] - Update to 38.4.0 ESR
[38.3.0-2] - Update to 38.3.0 ESR
[38.2.1-1] - Update to 38.2.1 ESR
[38.2.0-4] - Update to 38.2.0 ESR
[38.1.1-1] - Update to 38.1.1 ESR
[38.1.0-1] - Update to 38.1.0 ESR
[38.0.1-2] - Fixed rhbz#1222807 by removing preun section
[38.0.1-1] - Update to 38.0.1 ESR
[38.0-4] - Fixed rhbz#1221286 - After update to Firefox 38 ESR all RH preferences are gone
[38.0-3] - Enabled system nss - Removed unused patches
* Mon May 04 2015 Jan Horak - 38.0-2 - Update to 38.0 ESR
[38.0b8-0.11] - Update to 38.0 Beta 8
[38.0b6-0.10] - Added patch for mozbz#1152515
[38.0b6-0.9] - Update to 38.0 Beta 6
[38.0b5-0.8] - Update to 38.0 Beta 5
[38.0b3-0.7] - Update to 38.0 Beta 3
[38.0b1-0.6] - Added patch for mozbz#1152391
[38.0b1-0.5] - Fix build on AArch64 (based on upstream skia changes)
[38.0b1-0.4] - Enabled debug build
[38.0b1-1] - Update to 38.0b1
[31.5.0-2] - Update to 31.5.0 ESR Build 2
[31.4.0-1] - Update to 31.4.0 ESR
[31.3.0-6] - Fixed Bug 1140385 - [HP HPS 7.1 bug] assertion 'sys_page_size == 0' when starting firefox
[31.3.0-5] - Fixed problems with dictionary (mozbz#1097550) - JS JIT fixes for ppc64le
[31.3.0-3] - Fixed geolocation key location
[31.3.0-2] - Disable exact rooting for JS
[31.3.0-1] - Update to 31.3.0 ESR Build 2 - Fix for geolocation API (rhbz#1063739)
[31.2.0-5] - Enabled gstreamer-1 support (rhbz#1161077)
[31.2.0-4] - Fix webRTC for aarch64, ppc64le (rhbz#1148622)
[31.2.0-3] - Update to 31.2.0 ESR - Fix for mozbz#1042889
[31.1.0-7] - Enable WebM on all arches
[31.1.0-6] - Enable all NPAPI plugins by default to keep compatibility with the FF24 line
[31.1.0-5] - Added workaround for rhbz#1134876
[31.1.0-3] - Disable mozilla::pkix (mozbz#1063315) - Enable image cache
[31.1.0-2] - A workaround for rhbz#1110291
[31.1.0-1] - Update to 31.1.0 ESR
[31.0-3] - Built with system libvpx/WebM
[31.0-2] - Built with system nss/nspr
[31.0-1] - Update to 31.0 ESR
[24.6.0-1] - Update to 24.6.0 ESR
[24.5.0-2] - Removed unused patches
[24.5.0-1] - Update to 24.5.0 ESR
[24.4.0-3] - Added a workaround for Bug 1054242 - RHEVM: Extremely high memory usage in Firefox 24 ESR on RHEL 6.5
[24.4.0-2] - fixed rhbz#1067343 - Broken languagepack configuration after firefox update
[24.4.0-1] - Update to 24.4.0 ESR
[24.3.0-3] - fixed rhbz#1054832 - Firefox does not support Camellia cipher
[24.3.0-1] - Update to 24.3.0 ESR
[24.2.0-3] - Mass rebuild 2014-01-24
[24.2.0-2] - Mass rebuild 2013-12-27
[24.2.0-1] - Update to 24.2.0 ESR
[24.1.0-5] - Fixed mozbz#938730 - avoid mix of memory allocators (crashes) when using system sqlite
[24.1.0-4] - Fixed rhbz#1034541 - No translation being picked up from langpacks for firefox
[24.1.0-3] - Conflicts with old, xulrunner based firefox
[24.1.0-2] - Ship dependentlibs.list (rhbz#1027782) - Nss/nspr dependency update
[24.1.0-1] - Update to 24.1.0 ESR
[24.0-2] - Build as stand alone browser, without xulrunner
[24.0-1] - Update to 24.0 ESR
[17.0.9-1] - Update to 17.0.9 ESR
[17.0.8-2] - Desktop file update - Spec file tweaks
[17.0.8-1] - Update to 17.0.8 ESR
[17.0.7-2] - Updated manual page
[17.0.7-1] - Update to 17.0.7 ESR
[17.0.6-1] - Update to 17.0.6 ESR
[17.0.5-3] - Removed mozilla prefix from desktop file (rhbz#826960)
[17.0.5-2] - Updated XulRunner SDK check
[17.0.5-1] - Update to 17.0.5 ESR
[17.0.4-2] - Fixed rhbz#837606 - firefox has no x-scheme-handler/http mime
[17.0.4-1] - Update to 17.0.4 ESR - Added fix for mozbz#239254 - [Linux] Support disk cache on a local path
[17.0.2-3] - Added NM preferences
[17.0.2-2] - Updated preferences (NFS, nspluginwrapper)
[17.0.2-1] - Update to 17.0.2 ESR
[17.0.1-1] - Update to 17.0.1 ESR
[10.0.8-2] - Update to 10.0.8 ESR
[10.0.7-1] - Update to 10.0.7 ESR
[10.0.6-1] - Update to 10.0.6 ESR
[10.0.5-4] - Enabled WebM
[10.0.5-2] - Added fix for mozbz#703633, rhbz#818341
[10.0.5-1] - Update to 10.0.5 ESR
[10.0.4-1] - Update to 10.0.4 ESR
[10.0.3-1] - Update to 10.0.3 ESR
[10.0.1-1] - Update to 10.0.1 ESR
[10.0-3] - Update to 10.0 ESR
[10.0-1] - Update to 10.0
[7.0-5] - Update to 7.0
[7.0-4] - Update to 7.0 Beta 6
[7.0-2] - Update to 7.0 Beta 4
[5.0-1] - Update to 5.0
[3.6.18-1] - Fixed #698313 - 'background-repeat' css property isn't rendered well - Update to 3.6.18
[3.6.17-1] - Update to 3.6.17
[3.6.15-1] - Update to 3.6.15
[3.6.14-4] - Update to build3
[3.6.14-3] - Update to build2
[3.6.14-2] - Update to 3.6.14

From VID-5E0A038A-CA30-416D-A2F5-38CBF5E7DF33:

Mozilla Foundation reports:

CVE-2017-5433: Use-after-free in SMIL animation functions

CVE-2017-5435: Use-after-free during transaction processing in the editor

CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2

CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS

CVE-2017-5459: Buffer overflow in WebGL

CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL

CVE-2017-5434: Use-after-free during focus handling

CVE-2017-5432: Use-after-free in text input selection

CVE-2017-5460: Use-after-free in frame selection

CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing

CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing

CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing

CVE-2017-5441: Use-after-free with selection during scroll events

CVE-2017-5442: Use-after-free during style changes

CVE-2017-5464: Memory corruption with accessibility and DOM manipulation

CVE-2017-5443: Out-of-bounds write during BinHex decoding

CVE-2017-5444: Buffer overflow while parsing application/http-index-format content

CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data

CVE-2017-5447: Out-of-bounds read during glyph processing

CVE-2017-5465: Out-of-bounds read in ConvolvePixel

CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor

CVE-2017-5437: Vulnerabilities in Libevent library

CVE-2017-5454: Sandbox escape allowing file system read access through file picker

CVE-2017-5455: Sandbox escape through internal feed reader APIs

CVE-2017-5456: Sandbox escape allowing local file system access

CVE-2017-5469: Potential Buffer overflow in flex-generated code

CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content

CVE-2017-5449: Crash during bidirectional unicode manipulation with animation

CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android

CVE-2017-5451: Addressbar spoofing with onblur event

CVE-2017-5462: DRBG flaw in NSS

CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android

CVE-2017-5467: Memory corruption when drawing Skia content

CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android

CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element

CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS

CVE-2017-5468: Incorrect ownership model for Private Browsing information

CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1

CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

From DSA-3831:

Multiple security issues have been found in the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, buffer overflows and other implementation errors may lead to the execution of arbitrary code, information disclosure or denial of service.

From DLA-906-1:

firefox-esr - security update

From USN-3260-1:

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5453, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5458, CVE-2017-5459, CVE-2017-5460, CVE-2017-5461, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5468, CVE-2017-5469)

A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)

From RHSA-2017:1104:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es):

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Huzaifa Sidhpurwala, Nicolas Grégoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, and Petr Cerny as the original reporters.

From SUSE_CVE-2017-5438:

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

From ELSA-2017-1201:

[52.1.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js
[52.1.0-1] - Update to 52.1.0
[52.0.1-1] - Update to 52.0.1

From RHSA-2017:1201:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.1.0.

Security Fix(es):

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Grégoire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.

From USN-3278-1:

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5436, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5461, CVE-2017-5467)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5469, CVE-2017-10195, CVE-2017-10196, CVE-2017-10197)

A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)

From CESA-2017:1104:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es):

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Huzaifa Sidhpurwala, Nicolas Grégoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, and Petr Cerny as the original reporters.

Solution(s)

  • freebsd-upgrade-package-firefox
  • freebsd-upgrade-package-firefox-esr
  • freebsd-upgrade-package-libxul
  • freebsd-upgrade-package-linux-firefox
  • freebsd-upgrade-package-linux-seamonkey
  • freebsd-upgrade-package-linux-thunderbird
  • freebsd-upgrade-package-seamonkey
  • freebsd-upgrade-package-thunderbird
