Bug 1021841 (CVE-2017-5374)

Summary: VUL-0: CVE-2017-5374: MozillaFirefox: Memory safety bugs fixed in Firefox 51
Product: [Novell Products] SUSE Security Incidents Reporter: Andreas Stieger <astieger>
Component: IncidentsAssignee: Wolfgang Rosenauer <wolfgang>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: pcerny, wolfgang
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: openSUSE 42.2   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1021991    

Description Andreas Stieger 2017-01-25 09:09:54 UTC 
Security vulnerabilities fixed in Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/

Discovered by: Mozilla developers and community
Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1325344%2C1317501%2C1311319%2C1329989%2C1300145%2C1322305%2C1288561%2C1295747%2C1318766%2C1297808%2C1321374%2C1324810%2C1313385%2C1319888%2C1302231%2C1307458%2C1293327%2C1315447%2C1319456
Comment 1 Andreas Stieger 2017-01-25 09:12:38 UTC 
Firefox 51 / openSUSE only. Does not affect SLE. Assigning to openSUSE maintainer.
Comment 2 Swamp Workflow Management 2017-01-25 23:02:48 UTC 
bugbot adjusting priority
Comment 3 Andreas Stieger 2017-02-01 18:01:55 UTC 
This is going out for openSUSE: FF, TB, Seamonkey, NSS.
The Java update to fix the NSS compatibility will follow shortly.
Comment 4 Swamp Workflow Management 2017-02-01 23:16:57 UTC 
openSUSE-SU-2017:0358-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 1017174,1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021823,1021824,1021826,1021827,1021828,1021830,1021831,1021832,1021833,1021835,1021837,1021839,1021840,1021841
CVE References: CVE-2017-5373,CVE-2017-5374,CVE-2017-5375,CVE-2017-5376,CVE-2017-5377,CVE-2017-5378,CVE-2017-5379,CVE-2017-5380,CVE-2017-5381,CVE-2017-5382,CVE-2017-5383,CVE-2017-5384,CVE-2017-5385,CVE-2017-5386,CVE-2017-5387,CVE-2017-5388,CVE-2017-5389,CVE-2017-5390,CVE-2017-5391,CVE-2017-5392,CVE-2017-5393,CVE-2017-5394,CVE-2017-5395,CVE-2017-5396
Sources used:
openSUSE Leap 42.2 (src):    MozillaFirefox-51.0.1-50.2
openSUSE Leap 42.1 (src):    MozillaFirefox-51.0.1-50.2