Rapid7 Vulnerability & Exploit Database

FreeBSD: VID-5E0A038A-CA30-416D-A2F5-38CBF5E7DF33 (CVE-2017-5454): mozilla -- multiple vulnerabilities

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

FreeBSD: VID-5E0A038A-CA30-416D-A2F5-38CBF5E7DF33 (CVE-2017-5454): mozilla -- multiple vulnerabilities

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
04/19/2017
Created
07/25/2018
Added
04/20/2017
Modified
08/08/2018

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From RHSA-2017:1106:

Mozilla Firefox is an open source web browser.

This update upgrades Firefox to version 52.1.0 ESR.

Security Fix(es):

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2017-5429, CVE-2017-5430, CVE-2017-5432, CVE-2017-5433, CVE-2017-5434, CVE-2017-5435, CVE-2017-5436, CVE-2017-5437, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5445, CVE-2017-5446, CVE-2017-5447, CVE-2017-5448, CVE-2017-5449, CVE-2017-5451, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5459, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5466, CVE-2017-5467, CVE-2017-5469)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Mozilla developers and community, Nils, Holger Fuhrmannek, Atte Kettunen, Takeshi Terada, Huzaifa Sidhpurwala, Nicolas Grégoire, Chamal De Silva, Chun Han Hsiao, Ivan Fratric of Google Project Zero, Anonymous working with Trend Micro's Zero Day Initiative, Haik Aftandilian, Paul Theriault, Julian Hector, Petr Cerny, Jordi Chancel, and Heather Miller of Google Skia team as the original reporters.

From ELSA-2017-1106:

[52.1.0-2.0.1] - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file [52.1.0-2] - Update to 52.1.0 ESR (Build3) [52.1.0-1] - Update to 52.1.0 ESR

From VID-5E0A038A-CA30-416D-A2F5-38CBF5E7DF33:

Mozilla Foundation reports:

CVE-2017-5433: Use-after-free in SMIL animation functions

CVE-2017-5435: Use-after-free during transaction processing in the editor

CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2

CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS

CVE-2017-5459: Buffer overflow in WebGL

CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL

CVE-2017-5434: Use-after-free during focus handling

CVE-2017-5432: Use-after-free in text input selection

CVE-2017-5460: Use-after-free in frame selection

CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing

CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing

CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing

CVE-2017-5441: Use-after-free with selection during scroll events

CVE-2017-5442: Use-after-free during style changes

CVE-2017-5464: Memory corruption with accessibility and DOM manipulation

CVE-2017-5443: Out-of-bounds write during BinHex decoding

CVE-2017-5444: Buffer overflow while parsing application/http-index-format content

CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data

CVE-2017-5447: Out-of-bounds read during glyph processing

CVE-2017-5465: Out-of-bounds read in ConvolvePixel

CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor

CVE-2017-5437: Vulnerabilities in Libevent library

CVE-2017-5454: Sandbox escape allowing file system read access through file picker

CVE-2017-5455: Sandbox escape through internal feed reader APIs

CVE-2017-5456: Sandbox escape allowing local file system access

CVE-2017-5469: Potential Buffer overflow in flex-generated code

CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content

CVE-2017-5449: Crash during bidirectional unicode manipulation with animation

CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android

CVE-2017-5451: Addressbar spoofing with onblur event

CVE-2017-5462: DRBG flaw in NSS

CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android

CVE-2017-5467: Memory corruption when drawing Skia content

CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android

CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element

CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS

CVE-2017-5468: Incorrect ownership model for Private Browsing information

CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1

CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1

From USN-3260-1:

Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, obtain sensitive information, spoof the addressbar contents or other UI elements, escape the sandbox to read local files, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429,CVE-2017-5430,CVE-2017-5432, CVE-2017-5433,CVE-2017-5434,CVE-2017-5435,CVE-2017-5436,CVE-2017-5437, CVE-2017-5438,CVE-2017-5439,CVE-2017-5440,CVE-2017-5441,CVE-2017-5442, CVE-2017-5443,CVE-2017-5444,CVE-2017-5445,CVE-2017-5446,CVE-2017-5447, CVE-2017-5448,CVE-2017-5449,CVE-2017-5451,CVE-2017-5453,CVE-2017-5454, CVE-2017-5455,CVE-2017-5456,CVE-2017-5458,CVE-2017-5459,CVE-2017-5460, CVE-2017-5461,CVE-2017-5464,CVE-2017-5465,CVE-2017-5466,CVE-2017-5467, CVE-2017-5468,CVE-2017-5469)

A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)

From SUSE_CVE-2017-5454:

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

From ELSA-2017-1201:

[52.1.0-1.0.1] - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js [52.1.0-1] - Update to 52.1.0 [52.0.1-1] - Update to 52.0.1

From RHSA-2017:1201:

Mozilla Thunderbird is a standalone mail and newsgroup client.

This update upgrades Thunderbird to version 52.1.0.

Security Fix(es):

Multiple flaws were found in the processing of malformed web content. A web page containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. (CVE-2017-5429, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5459, CVE-2017-5466, CVE-2017-5432, CVE-2017-5434, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5454, CVE-2017-5460, CVE-2017-5464, CVE-2017-5465, CVE-2017-5469, CVE-2016-10195, CVE-2016-10196, CVE-2017-5445, CVE-2017-5449, CVE-2017-5451, CVE-2017-5467, CVE-2016-10197)

Red Hat would like to thank the Mozilla project for reporting these issues. Upstream acknowledges Petr Cerny, Nils, Ivan Fratric (Google Project Zero), Takeshi Terada, Heather Miller (Google Skia team), Chun Han Hsiao, Chamal De Silva, Nicolas Grégoire, Holger Fuhrmannek, Atte Kettunen, Haik Aftandilian, and Jordi Chancel as the original reporters.

From USN-3278-1:

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5429, CVE-2017-5430,CVE-2017-5436,CVE-2017-5443,CVE-2017-5444,CVE-2017-5445, CVE-2017-5446,CVE-2017-5447,CVE-2017-5461,CVE-2017-5467)

Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to spoof the addressbar contents, conduct cross-site scripting (XSS) attacks, cause a denial of service via application crash, or execute arbitrary code. (CVE-2017-5432, CVE-2017-5433,CVE-2017-5434,CVE-2017-5435,CVE-2017-5437,CVE-2017-5438, CVE-2017-5439,CVE-2017-5440,CVE-2017-5441,CVE-2017-5442,CVE-2017-5449, CVE-2017-5451,CVE-2017-5454,CVE-2017-5459,CVE-2017-5460,CVE-2017-5464, CVE-2017-5465,CVE-2017-5466,CVE-2017-5469,CVE-2017-10195, CVE-2017-10196,CVE-2017-10197)

A flaw was discovered in the DRBG number generation in NSS. If an attacker were able to perform a man-in-the-middle attack, this flaw could potentially be exploited to view sensitive information. (CVE-2017-5462)

Solution(s)

  • freebsd-upgrade-package-firefox
  • freebsd-upgrade-package-firefox-esr
  • freebsd-upgrade-package-libxul
  • freebsd-upgrade-package-linux-firefox
  • freebsd-upgrade-package-linux-seamonkey
  • freebsd-upgrade-package-linux-thunderbird
  • freebsd-upgrade-package-seamonkey
  • freebsd-upgrade-package-thunderbird

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;