Bug 1021831 (CVE-2017-5382)

Summary: VUL-0: CVE-2017-5382: MozillaFirefox: Feed preview can expose privileged content errors and exceptions
Product: [Novell Products] SUSE Security Incidents
Reporter: Andreas Stieger <astieger>
Component: Incidents
Assignee: Wolfgang Rosenauer <wolfgang>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: pcerny, wolfgang
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: openSUSE 42.2
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:
Bug Blocks: 1021991

Description Andreas Stieger 2017-01-25 09:08:29 UTC
Security vulnerabilities fixed in Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/

Discovered by: Jerri Rice
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.

https://bugzilla.mozilla.org/show_bug.cgi?id=1295322

Comment 1 Andreas Stieger 2017-01-25 09:12:38 UTC
Firefox 51 / openSUSE only. Does not affect SLE. Assigning to openSUSE maintainer.

Comment 2 Swamp Workflow Management 2017-01-25 23:01:10 UTC
bugbot adjusting priority

Comment 3 Andreas Stieger 2017-02-01 18:01:54 UTC
This is going out for openSUSE: FF, TB, Seamonkey, NSS.
The Java update to fix the NSS compatibility will follow shortly.

Comment 4 Swamp Workflow Management 2017-02-01 23:15:48 UTC
openSUSE-SU-2017:0358-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 1017174,1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021823,1021824,1021826,1021827,1021828,1021830,1021831,1021832,1021833,1021835,1021837,1021839,1021840,1021841
CVE References: CVE-2017-5373,CVE-2017-5374,CVE-2017-5375,CVE-2017-5376,CVE-2017-5377,CVE-2017-5378,CVE-2017-5379,CVE-2017-5380,CVE-2017-5381,CVE-2017-5382,CVE-2017-5383,CVE-2017-5384,CVE-2017-5385,CVE-2017-5386,CVE-2017-5387,CVE-2017-5388,CVE-2017-5389,CVE-2017-5390,CVE-2017-5391,CVE-2017-5392,CVE-2017-5393,CVE-2017-5394,CVE-2017-5395,CVE-2017-5396
Sources used:
openSUSE Leap 42.2 (src):    MozillaFirefox-51.0.1-50.2
openSUSE Leap 42.1 (src):    MozillaFirefox-51.0.1-50.2