Debian Firefox-Esr vulnerabilities

CVE-2017-5439 [CRITICAL] CVE-2017-5439: firefox - A use-after-free vulnerability during XSLT processing due to poor handling of te... A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5438 [CRITICAL] CVE-2017-5438: firefox - A use-after-free vulnerability during XSLT processing due to the result handler ... A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5398 [CRITICAL] CVE-2017-5398: firefox - Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed ... Memory safety bugs were reported in Thunderbird 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 52, Firefox ESR < 45.8, Thunderbird < 52, and Thunderbird < 45.8. Scope: local sid: resolved (fixed in 52.0-1)

CVE-2017-7785 [CRITICAL] CVE-2017-7785: firefox - A buffer overflow can occur when manipulating Accessible Rich Internet Applicati... A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-5428 [CRITICAL] CVE-2017-5428: firefox - An integer overflow in "createImageBitmap()" was reported through the Pwn2Own co... An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1.

CVE-2017-5390 [CRITICAL] CVE-2017-5390: firefox - The JSON viewer in the Developer Tools uses insecure methods to create a communi... The JSON viewer in the Developer Tools uses insecure methods to create a communication channel for copying and viewing JSON or HTTP headers data, allowing for potential privilege escalation. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5440 [CRITICAL] CVE-2017-5440: firefox - A use-after-free vulnerability during XSLT processing due to a failure to propag... A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local

CVE-2017-7750 [CRITICAL] CVE-2017-7750: firefox - A use-after-free vulnerability during video control operations when a "<track>" ... A use-after-free vulnerability during video control operations when a "" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5446 [CRITICAL] CVE-2017-5446: firefox - An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames... An out-of-bounds read when an HTTP/2 connection to a servers sends "DATA" frames with incorrect data content. This leads to a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5464 [CRITICAL] CVE-2017-5464: firefox - During DOM manipulations of the accessibility tree through script, the DOM tree ... During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-5374 [CRITICAL] CVE-2017-5374: firefox - Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evid... Memory safety bugs were reported in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-7803 [HIGH] CVE-2017-7803: firefox - When a page's content security policy (CSP) header contains a "sandbox" directiv... When a page's content security policy (CSP) header contains a "sandbox" directive, other directives are ignored. This results in the incorrect enforcement of CSP. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-7814 [HIGH] CVE-2017-7814: firefox - File downloads encoded with "blob:" and "data:" URL elements bypassed normal fil... File downloads encoded with "blob:" and "data:" URL elements bypassed normal file download checks though the Phishing and Malware Protection feature and its block lists of suspicious sites and files. This would allow malicious sites to lure users into downloading executables that would otherwise be detected as suspicious. This vulnerability affects Firefox < 56, Firef

CVE-2017-7807 [HIGH] CVE-2017-7807: firefox - A mechanism that uses AppCache to hijack a URL in a domain using fallback by ser... A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-7773 [HIGH] CVE-2017-7773: firefox - Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz... Heap-based Buffer Overflow write in Graphite2 library in Firefox before 54 in lz4::decompress src/Decompressor. Scope: local sid: resolved (fixed in 54.0-1)

CVE-2017-5445 [HIGH] CVE-2017-5445: firefox - A vulnerability while parsing "application/http-index-format" format content whe... A vulnerability while parsing "application/http-index-format" format content where uninitialized values are used to create an array. This could allow the reading of uninitialized memory into the arrays affected. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53. Scope: local sid: resolved (fixed in 52.0.1-1)

CVE-2017-7787 [HIGH] CVE-2017-7787: firefox - Same-origin policy protections can be bypassed on pages with embedded iframes du... Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55. Scope: local sid: resolved (fixed in 55.0-1)

CVE-2017-5382 [HIGH] CVE-2017-5382: firefox - Feed preview for RSS feeds can be used to capture errors and exceptions generate... Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content. This vulnerability affects Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5386 [HIGH] CVE-2017-5386: firefox - WebExtension scripts can use the "data:" protocol to affect pages loaded by othe... WebExtension scripts can use the "data:" protocol to affect pages loaded by other web extensions using this protocol, leading to potential data disclosure or privilege escalation in affected extensions. This vulnerability affects Firefox ESR < 45.7 and Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)

CVE-2017-5378 [HIGH] CVE-2017-5378: firefox - Hashed codes of JavaScript objects are shared between pages. This allows for poi... Hashed codes of JavaScript objects are shared between pages. This allows for pointer leaks because an object's address can be discovered through hash codes, and also allows for data leakage of an object's content using these hash codes. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51. Scope: local sid: resolved (fixed in 51.0-1)