FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

mozilla -- multiple vulnerabilities

Affected packages
firefox < 56.0.2_10,1
linux-seamonkey < 2.49.2
seamonkey < 2.49.2
firefox-esr < 52.5.0,1
linux-firefox < 52.5.0,2
libxul < 52.5.0
linux-thunderbird < 52.5.0
thunderbird < 52.5.0


VuXML ID f78eac48-c3d1-4666-8de5-63ceea25a578
Discovery 2017-11-14
Entry 2017-11-14

Mozilla Foundation reports:

CVE-2017-7828: Use-after-free of PressShell while restyling layout

CVE-2017-7830: Cross-origin URL information leak through Resource Timing API

CVE-2017-7831: Information disclosure of exposed properties on JavaScript proxy objects

CVE-2017-7832: Domain spoofing through use of dotless 'i' character followed by accent markers

CVE-2017-7833: Domain spoofing with Arabic and Indic vowel marker characters

CVE-2017-7834: data: URLs opened in new tabs bypass CSP protections

CVE-2017-7835: Mixed content blocking incorrectly applies with redirects

CVE-2017-7836: Pingsender dynamically loads libcurl on Linux and OS X

CVE-2017-7837: SVG loaded as <img> can use meta tags to set cookies

CVE-2017-7838: Failure of individual decoding of labels in international domain names triggers punycode display of entire IDN

CVE-2017-7839: Control characters before javascript: URLs defeats self-XSS prevention mechanism

CVE-2017-7840: Exported bookmarks do not strip script elements from user-supplied tags

CVE-2017-7842: Referrer Policy is not always respected for <link> elements

CVE-2017-7827: Memory safety bugs fixed in Firefox 57

CVE-2017-7826: Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5


CVE Name CVE-2017-7826
CVE Name CVE-2017-7827
CVE Name CVE-2017-7828
CVE Name CVE-2017-7830
CVE Name CVE-2017-7831
CVE Name CVE-2017-7832
CVE Name CVE-2017-7833
CVE Name CVE-2017-7834
CVE Name CVE-2017-7835
CVE Name CVE-2017-7836
CVE Name CVE-2017-7837
CVE Name CVE-2017-7838
CVE Name CVE-2017-7839
CVE Name CVE-2017-7840
CVE Name CVE-2017-7842