First Last Prev Next    This bug is not in your last search results.
Bug 1021841 - (CVE-2017-5374) VUL-0: CVE-2017-5374: MozillaFirefox: Memory safety bugs fixed in Firefox 51
(CVE-2017-5374)
VUL-0: CVE-2017-5374: MozillaFirefox: Memory safety bugs fixed in Firefox 51
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other openSUSE 42.2
: P3 - Medium : Major
: ---
Assigned To: Wolfgang Rosenauer
Security Team bot
:
Depends on:
Blocks: 1021991
  Show dependency treegraph
 
Reported: 2017-01-25 09:09 UTC by Andreas Stieger
Modified: 2020-04-05 18:06 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2017-01-25 09:09:54 UTC 
Security vulnerabilities fixed in Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/

Discovered by: Mozilla developers and community
Mozilla developers and community members Gary Kwong, Olli Pettay, Tooru Fujisawa, Carsten Book, Andrew McCreight, Chris Pearce, Ronald Crane, Jan de Mooij, Julian Seward, Nicolas Pierron, Randell Jesup, Esther Monchari, Honza Bambas, and Philipp reported memory safety bugs present in Firefox 50.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1325344%2C1317501%2C1311319%2C1329989%2C1300145%2C1322305%2C1288561%2C1295747%2C1318766%2C1297808%2C1321374%2C1324810%2C1313385%2C1319888%2C1302231%2C1307458%2C1293327%2C1315447%2C1319456
Comment 1 Andreas Stieger 2017-01-25 09:12:38 UTC 
Firefox 51 / openSUSE only. Does not affect SLE. Assigning to openSUSE maintainer.
Comment 2 Swamp Workflow Management 2017-01-25 23:02:48 UTC 
bugbot adjusting priority
Comment 3 Andreas Stieger 2017-02-01 18:01:55 UTC 
This is going out for openSUSE: FF, TB, Seamonkey, NSS.
The Java update to fix the NSS compatibility will follow shortly.
Comment 4 Swamp Workflow Management 2017-02-01 23:16:57 UTC 
openSUSE-SU-2017:0358-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 1017174,1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021823,1021824,1021826,1021827,1021828,1021830,1021831,1021832,1021833,1021835,1021837,1021839,1021840,1021841
CVE References: CVE-2017-5373,CVE-2017-5374,CVE-2017-5375,CVE-2017-5376,CVE-2017-5377,CVE-2017-5378,CVE-2017-5379,CVE-2017-5380,CVE-2017-5381,CVE-2017-5382,CVE-2017-5383,CVE-2017-5384,CVE-2017-5385,CVE-2017-5386,CVE-2017-5387,CVE-2017-5388,CVE-2017-5389,CVE-2017-5390,CVE-2017-5391,CVE-2017-5392,CVE-2017-5393,CVE-2017-5394,CVE-2017-5395,CVE-2017-5396
Sources used:
openSUSE Leap 42.2 (src):    MozillaFirefox-51.0.1-50.2
openSUSE Leap 42.1 (src):    MozillaFirefox-51.0.1-50.2
First Last Prev Next    This bug is not in your last search results.