Bug 1021831 - (CVE-2017-5382) VUL-0: CVE-2017-5382: MozillaFirefox: Feed preview can expose privileged content errors and exceptions
(CVE-2017-5382)
VUL-0: CVE-2017-5382: MozillaFirefox: Feed preview can expose privileged cont...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.2
: P3 - Medium : Normal
: ---
Assigned To: Wolfgang Rosenauer
Security Team bot
:
Depends on:
Blocks: 1021991
  Show dependency treegraph
 
Reported: 2017-01-25 09:08 UTC by Andreas Stieger
Modified: 2020-04-05 18:06 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2017-01-25 09:08:29 UTC
Security vulnerabilities fixed in Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/

Discovered by: Jerri Rice
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.

https://bugzilla.mozilla.org/show_bug.cgi?id=1295322
Comment 1 Andreas Stieger 2017-01-25 09:12:38 UTC
Firefox 51 / openSUSE only. Does not affect SLE. Assigning to openSUSE maintainer.
Comment 2 Swamp Workflow Management 2017-01-25 23:01:10 UTC
bugbot adjusting priority
Comment 3 Andreas Stieger 2017-02-01 18:01:54 UTC
This is going out for openSUSE: FF, TB, Seamonkey, NSS.
The Java update to fix the NSS compatibility will follow shortly.
Comment 4 Swamp Workflow Management 2017-02-01 23:15:48 UTC
openSUSE-SU-2017:0358-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 1017174,1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021823,1021824,1021826,1021827,1021828,1021830,1021831,1021832,1021833,1021835,1021837,1021839,1021840,1021841
CVE References: CVE-2017-5373,CVE-2017-5374,CVE-2017-5375,CVE-2017-5376,CVE-2017-5377,CVE-2017-5378,CVE-2017-5379,CVE-2017-5380,CVE-2017-5381,CVE-2017-5382,CVE-2017-5383,CVE-2017-5384,CVE-2017-5385,CVE-2017-5386,CVE-2017-5387,CVE-2017-5388,CVE-2017-5389,CVE-2017-5390,CVE-2017-5391,CVE-2017-5392,CVE-2017-5393,CVE-2017-5394,CVE-2017-5395,CVE-2017-5396
Sources used:
openSUSE Leap 42.2 (src):    MozillaFirefox-51.0.1-50.2
openSUSE Leap 42.1 (src):    MozillaFirefox-51.0.1-50.2