Security update for Mozilla Firefox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0765-1 Final 1 1 2017-03-20T19:28:45Z current 2017-03-20T19:28:45Z 2017-03-20T19:28:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Mozilla Firefox Mozilla Firefox was updated to 52.0.1 to fix one security issue: - CVE-2017-5428: integer overflow in createImageBitmap() (boo#1029822, MFSA 2017-08) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00021.html E-Mail link for openSUSE-SU-2017:0765-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 MozillaFirefox-52.0.1-57.3.1 MozillaFirefox-branding-upstream-52.0.1-57.3.1 MozillaFirefox-buildsymbols-52.0.1-57.3.1 MozillaFirefox-devel-52.0.1-57.3.1 MozillaFirefox-translations-common-52.0.1-57.3.1 MozillaFirefox-translations-other-52.0.1-57.3.1 MozillaFirefox-52.0.1-57.3.1 as a component of openSUSE Leap 42.1 MozillaFirefox-branding-upstream-52.0.1-57.3.1 as a component of openSUSE Leap 42.1 MozillaFirefox-buildsymbols-52.0.1-57.3.1 as a component of openSUSE Leap 42.1 MozillaFirefox-devel-52.0.1-57.3.1 as a component of openSUSE Leap 42.1 MozillaFirefox-translations-common-52.0.1-57.3.1 as a component of openSUSE Leap 42.1 MozillaFirefox-translations-other-52.0.1-57.3.1 as a component of openSUSE Leap 42.1 MozillaFirefox-52.0.1-57.3.1 as a component of openSUSE Leap 42.2 MozillaFirefox-branding-upstream-52.0.1-57.3.1 as a component of openSUSE Leap 42.2 MozillaFirefox-buildsymbols-52.0.1-57.3.1 as a component of openSUSE Leap 42.2 MozillaFirefox-devel-52.0.1-57.3.1 as a component of openSUSE Leap 42.2 MozillaFirefox-translations-common-52.0.1-57.3.1 as a component of openSUSE Leap 42.2 MozillaFirefox-translations-other-52.0.1-57.3.1 as a component of openSUSE Leap 42.2 An integer overflow in "createImageBitmap()" was reported through the Pwn2Own contest. The fix for this vulnerability disables the experimental extensions to the "createImageBitmap" API. This function runs in the content sandbox, requiring a second vulnerability to compromise a user's computer. This vulnerability affects Firefox ESR < 52.0.1 and Firefox < 52.0.1. CVE-2017-5428 openSUSE Leap 42.1:MozillaFirefox-52.0.1-57.3.1 openSUSE Leap 42.1:MozillaFirefox-branding-upstream-52.0.1-57.3.1 openSUSE Leap 42.1:MozillaFirefox-buildsymbols-52.0.1-57.3.1 openSUSE Leap 42.1:MozillaFirefox-devel-52.0.1-57.3.1 openSUSE Leap 42.1:MozillaFirefox-translations-common-52.0.1-57.3.1 openSUSE Leap 42.1:MozillaFirefox-translations-other-52.0.1-57.3.1 openSUSE Leap 42.2:MozillaFirefox-52.0.1-57.3.1 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-52.0.1-57.3.1 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-52.0.1-57.3.1 openSUSE Leap 42.2:MozillaFirefox-devel-52.0.1-57.3.1 openSUSE Leap 42.2:MozillaFirefox-translations-common-52.0.1-57.3.1 openSUSE Leap 42.2:MozillaFirefox-translations-other-52.0.1-57.3.1 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-03/msg00021.html https://www.suse.com/security/cve/CVE-2017-5428.html CVE-2017-5428 https://bugzilla.suse.com/1029822 SUSE Bug 1029822