Bug 1021824 - (CVE-2017-5373) VUL-0: CVE-2017-5373: MozillaFirefox: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
(CVE-2017-5373)
VUL-0: CVE-2017-5373: MozillaFirefox: Memory safety bugs fixed in Firefox 51 ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Petr Cerny
Security Team bot
CVSSv2:NVD:CVE-2017-5373:7.5:(AV:N/AC...
:
Depends on:
Blocks: 1021991
  Show dependency treegraph
 
Reported: 2017-01-25 09:07 UTC by Andreas Stieger
Modified: 2020-05-12 17:59 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2017-01-25 09:07:29 UTC
Security vulnerabilities fixed in Firefox ESR 45.7, Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/
https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/

Discovered by: Mozilla developers and community
Mozilla developers and community members Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom Schuster, and Oriol reported memory safety bugs present in Firefox 50.1 and Firefox ESR 45.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.

https://bugzilla.mozilla.org/buglist.cgi?bug_id=1322315%2C1328834%2C1322420%2C1285833%2C1285960%2C1328251%2C1331058%2C1325938%2C1325877
Comment 1 Andreas Stieger 2017-01-25 09:13:44 UTC
Firefox on SLE and openSUSE, cc openSUSE maintainer
Comment 2 Bernhard Wiedemann 2017-01-25 21:01:36 UTC
This is an autogenerated message for OBS integration:
This bug (1021824) was mentioned in
https://build.opensuse.org/request/show/452490 42.1+42.2+Backports:SLE-12 / MozillaThunderbird
Comment 3 Bernhard Wiedemann 2017-01-26 11:03:51 UTC
This is an autogenerated message for OBS integration:
This bug (1021824) was mentioned in
https://build.opensuse.org/request/show/452598 Factory / MozillaThunderbird
Comment 4 Bernhard Wiedemann 2017-01-27 15:03:38 UTC
This is an autogenerated message for OBS integration:
This bug (1021824) was mentioned in
https://build.opensuse.org/request/show/452961 42.1+42.2+Backports:SLE-12 / MozillaThunderbird
Comment 5 Swamp Workflow Management 2017-02-01 23:09:59 UTC
openSUSE-SU-2017:0354-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021824,1021991
CVE References: CVE-2017-5373,CVE-2017-5375,CVE-2017-5376,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-5390,CVE-2017-5396
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    MozillaThunderbird-45.7.0-23.1
Comment 6 Swamp Workflow Management 2017-02-01 23:12:51 UTC
openSUSE-SU-2017:0357-1: An update that solves 8 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021824,1021991
CVE References: CVE-2017-5373,CVE-2017-5375,CVE-2017-5376,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-5390,CVE-2017-5396
Sources used:
openSUSE Leap 42.2 (src):    MozillaThunderbird-45.7.0-34.1
openSUSE Leap 42.1 (src):    MozillaThunderbird-45.7.0-34.1
Comment 7 Swamp Workflow Management 2017-02-01 23:14:55 UTC
openSUSE-SU-2017:0358-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 1017174,1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021823,1021824,1021826,1021827,1021828,1021830,1021831,1021832,1021833,1021835,1021837,1021839,1021840,1021841
CVE References: CVE-2017-5373,CVE-2017-5374,CVE-2017-5375,CVE-2017-5376,CVE-2017-5377,CVE-2017-5378,CVE-2017-5379,CVE-2017-5380,CVE-2017-5381,CVE-2017-5382,CVE-2017-5383,CVE-2017-5384,CVE-2017-5385,CVE-2017-5386,CVE-2017-5387,CVE-2017-5388,CVE-2017-5389,CVE-2017-5390,CVE-2017-5391,CVE-2017-5392,CVE-2017-5393,CVE-2017-5394,CVE-2017-5395,CVE-2017-5396
Sources used:
openSUSE Leap 42.2 (src):    MozillaFirefox-51.0.1-50.2
openSUSE Leap 42.1 (src):    MozillaFirefox-51.0.1-50.2
Comment 8 Swamp Workflow Management 2017-02-08 17:12:13 UTC
SUSE-SU-2017:0426-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021823,1021824,1021991
CVE References: CVE-2017-5373,CVE-2017-5375,CVE-2017-5376,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-5386,CVE-2017-5390,CVE-2017-5396
Sources used:
SUSE OpenStack Cloud 5 (src):    MozillaFirefox-45.7.0esr-65.2
SUSE Manager Proxy 2.1 (src):    MozillaFirefox-45.7.0esr-65.2
SUSE Manager 2.1 (src):    MozillaFirefox-45.7.0esr-65.2
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    MozillaFirefox-45.7.0esr-65.2
SUSE Linux Enterprise Server 11-SP4 (src):    MozillaFirefox-45.7.0esr-65.2
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    MozillaFirefox-45.7.0esr-65.2
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    MozillaFirefox-45.7.0esr-65.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    MozillaFirefox-45.7.0esr-65.2
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    MozillaFirefox-45.7.0esr-65.2
Comment 9 Swamp Workflow Management 2017-02-09 02:09:20 UTC
SUSE-SU-2017:0427-1: An update that solves 9 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021823,1021824,1021991
CVE References: CVE-2017-5373,CVE-2017-5375,CVE-2017-5376,CVE-2017-5378,CVE-2017-5380,CVE-2017-5383,CVE-2017-5386,CVE-2017-5390,CVE-2017-5396
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    MozillaFirefox-45.7.0esr-99.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    MozillaFirefox-45.7.0esr-99.1
SUSE Linux Enterprise Server for SAP 12 (src):    MozillaFirefox-45.7.0esr-99.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    MozillaFirefox-45.7.0esr-99.1
SUSE Linux Enterprise Server 12-SP2 (src):    MozillaFirefox-45.7.0esr-99.1
SUSE Linux Enterprise Server 12-SP1 (src):    MozillaFirefox-45.7.0esr-99.1
SUSE Linux Enterprise Server 12-LTSS (src):    MozillaFirefox-45.7.0esr-99.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    MozillaFirefox-45.7.0esr-99.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    MozillaFirefox-45.7.0esr-99.1
Comment 10 Marcus Meissner 2017-10-24 13:19:26 UTC
released