FreeBSD: VID-5E0A038A-CA30-416D-A2F5-38CBF5E7DF33 (CVE-2017-5451): mozilla -- multiple vulnerabilities
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From RHSA-2017:1106:
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 52.1.0 ESR.
Security Fix(es):
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Grégoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.
From ELSA-2017-1106:
[52.1.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.1.0-2] - Update to 52.1.0 ESR (Build3) [52.1.0-1] - Update to 52.1.0 ESR
From VID-5E0A038A-CA30-416D-A2F5-38CBF5E7DF33:
Mozilla Foundation reports:
CVE-2017-5433: Use-after-free in SMIL animation functions
CVE-2017-5435: Use-after-free during transaction processing in the editor
CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
CVE-2017-5459: Buffer overflow in WebGL
CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
CVE-2017-5434: Use-after-free during focus handling
CVE-2017-5432: Use-after-free in text input selection
CVE-2017-5460: Use-after-free in frame selection
CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
CVE-2017-5441: Use-after-free with selection during scroll events
CVE-2017-5442: Use-after-free during style changes
CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
CVE-2017-5443: Out-of-bounds write during BinHex decoding
CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
CVE-2017-5447: Out-of-bounds read during glyph processing
CVE-2017-5465: Out-of-bounds read in ConvolvePixel
CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
CVE-2017-5437: Vulnerabilities in Libevent library
CVE-2017-5454: Sandbox escape allowing file system read access through file picker
CVE-2017-5455: Sandbox escape through internal feed reader APIs
CVE-2017-5456: Sandbox escape allowing local file system access
CVE-2017-5469: Potential Buffer overflow in flex-generated code
CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
CVE-2017-5451: Addressbar spoofing with onblur event
CVE-2017-5462: DRBG flaw in NSS
CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
CVE-2017-5467: Memory corruption when drawing Skia content
CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
CVE-2017-5468: Incorrect ownership model for Private Browsing information
CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
From USN-3260-1:
Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429,CVE-2017-5430,CVE-2017-5432, CVE-2017-5433,CVE-2017-5434,CVE-2017-5435,CVE-2017-5436,CVE-2017-5437, CVE-2017-5438,CVE-2017-5439,CVE-2017-5440,CVE-2017-5441,CVE-2017-5442, CVE-2017-5443,CVE-2017-5444,CVE-2017-5445,CVE-2017-5446,CVE-2017-5447, CVE-2017-5448,CVE-2017-5449,CVE-2017-5451,CVE-2017-5453,CVE-2017-5454, CVE-2017-5455,CVE-2017-5456,CVE-2017-5458,CVE-2017-5459,CVE-2017-5460, CVE-2017-5461,CVE-2017-5464,CVE-2017-5465,CVE-2017-5466,CVE-2017-5467, CVE-2017-5468,CVE-2017-5469)
A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)
From SUSE_CVE-2017-5451:
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
From ELSA-2017-1201:
[52.1.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.1.0-1] - Update to 52.1.0 [52.0.1-1] - Update to 52.0.1
From RHSA-2017:1201:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 52.1.0.
Security Fix(es):
Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)
Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Grégoire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.
From USN-3278-1:
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430,CVE-2017-5436,CVE-2017-5443,CVE-2017-5444,CVE-2017-5445, CVE-2017-5446,CVE-2017-5447,CVE-2017-5461,CVE-2017-5467)
Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5432, CVE-2017-5433,CVE-2017-5434,CVE-2017-5435,CVE-2017-5437,CVE-2017-5438, CVE-2017-5439,CVE-2017-5440,CVE-2017-5441,CVE-2017-5442,CVE-2017-5449, CVE-2017-5451,CVE-2017-5454,CVE-2017-5459,CVE-2017-5460,CVE-2017-5464, CVE-2017-5465,CVE-2017-5466,CVE-2017-5469,CVE-2017-10195, CVE-2017-10196,CVE-2017-10197)
A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)
Solution(s)
- freebsd-upgrade-package-firefox
- freebsd-upgrade-package-firefox-esr
- freebsd-upgrade-package-libxul
- freebsd-upgrade-package-linux-firefox
- freebsd-upgrade-package-linux-seamonkey
- freebsd-upgrade-package-linux-thunderbird
- freebsd-upgrade-package-seamonkey
- freebsd-upgrade-package-thunderbird
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center