【CESA-2017:0190】最新バージョンのfirefoxが、Red Hat Enterprise Linux 5/6/7 からご利用いただけるようになりました
CESA-2017:0190
最新バージョンのfirefoxが、Red Hat Enterprise Linux 5/6/7 からご利用いただけるようになりました。
Red Hat製品のセキュリティ及び品質は大変ご好評いただいております。
今回の最新バージョンVulnerability Scoring System(CVSS)は、各セキュリティホールへのアクセス安全面を厳重にクラス分けし、確実・安全に詳細レポートをお送りいたします。参照セクションのリンクをクリックしてください。
[Updated 21 February 2017]
This advisory has been updated to include Firefox packages for the PPC and S390
architectures that were previously omitted. For this revised update, packages
for all architectures were rebuilt. The rebuilt packages do not contain any new
code changes.
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 45.7.0 ESR.
Security Fix(es):
* Multiple flaws were found in the processing of malformed web content. A web
page containing malicious content could cause Firefox to crash or, potentially,
execute arbitrary code with the privileges of the user running Firefox.
(CVE-2017-5373, CVE-2017-5375, CVE-2017-5376, CVE-2017-5378, CVE-2017-5380,
CVE-2017-5383, CVE-2017-5386, CVE-2017-5390, CVE-2017-5396)
Red Hat would like to thank the Mozilla project for reporting these issues.
Upstream acknowledges Jann Horn, Filipe Gomes, Muneaki Nishimura, Nils, Armin
Razmjou, Christian Holler, Gary Kwong, André Bargull, Jan de Mooij, Tom
Schuster, Oriol, Rh0, Nicolas Grégoire, and Jerri Rice as the original
reporters.
Bugs Fixed
1415924 – CVE-2017-5373 Mozilla: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7 (MFSA 2017-01)
1416271 – CVE-2017-5375 Mozilla: Excessive JIT code allocation allows bypass of ASLR and DEP (MFSA 2017-02)
1416272 – CVE-2017-5376 Mozilla: Use-after-free in XSL (MFSA 2017-02)
1416273 – CVE-2017-5378 Mozilla: Pointer and frame data leakage of Javascript objects (MFSA 2017-02)
1416274 – CVE-2017-5380 Mozilla: Potential use-after-free during DOM manipulations (MFSA 2017-02)
1416279 – CVE-2017-5390 Mozilla: Insecure communication methods in Developer Tools JSON viewer (MFSA 2017-02)
1416280 – CVE-2017-5396 Mozilla: Use-after-free with Media Decoder (MFSA 2017-02)
1416281 – CVE-2017-5383 Mozilla: Location bar spoofing with unicode characters (MFSA 2017-02)
1416282 – CVE-2017-5386 Mozilla: WebExtensions can use data: protocol to affect other extensions (MFSA 2017-02)