Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:3272-1 Final 1 1 2017-12-12T16:50:36Z current 2017-12-12T16:50:36Z 2017-12-12T16:50:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox to 52.5.2esr fixes the following issue: - CVE-2017-7843: Web worker in Private Browsing mode can write IndexedDB data (boo#1072034, bmo#1410106, MFSA 2017-28) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-12/msg00047.html E-Mail link for openSUSE-SU-2017:3272-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 MozillaFirefox-52.5.2-69.1 MozillaFirefox-branding-upstream-52.5.2-69.1 MozillaFirefox-buildsymbols-52.5.2-69.1 MozillaFirefox-devel-52.5.2-69.1 MozillaFirefox-translations-common-52.5.2-69.1 MozillaFirefox-translations-other-52.5.2-69.1 MozillaFirefox-52.5.2-69.1 as a component of openSUSE Leap 42.2 MozillaFirefox-branding-upstream-52.5.2-69.1 as a component of openSUSE Leap 42.2 MozillaFirefox-buildsymbols-52.5.2-69.1 as a component of openSUSE Leap 42.2 MozillaFirefox-devel-52.5.2-69.1 as a component of openSUSE Leap 42.2 MozillaFirefox-translations-common-52.5.2-69.1 as a component of openSUSE Leap 42.2 MozillaFirefox-translations-other-52.5.2-69.1 as a component of openSUSE Leap 42.2 MozillaFirefox-52.5.2-69.1 as a component of openSUSE Leap 42.3 MozillaFirefox-branding-upstream-52.5.2-69.1 as a component of openSUSE Leap 42.3 MozillaFirefox-buildsymbols-52.5.2-69.1 as a component of openSUSE Leap 42.3 MozillaFirefox-devel-52.5.2-69.1 as a component of openSUSE Leap 42.3 MozillaFirefox-translations-common-52.5.2-69.1 as a component of openSUSE Leap 42.3 MozillaFirefox-translations-other-52.5.2-69.1 as a component of openSUSE Leap 42.3 When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1. CVE-2017-7843 openSUSE Leap 42.2:MozillaFirefox-52.5.2-69.1 openSUSE Leap 42.2:MozillaFirefox-branding-upstream-52.5.2-69.1 openSUSE Leap 42.2:MozillaFirefox-buildsymbols-52.5.2-69.1 openSUSE Leap 42.2:MozillaFirefox-devel-52.5.2-69.1 openSUSE Leap 42.2:MozillaFirefox-translations-common-52.5.2-69.1 openSUSE Leap 42.2:MozillaFirefox-translations-other-52.5.2-69.1 openSUSE Leap 42.3:MozillaFirefox-52.5.2-69.1 openSUSE Leap 42.3:MozillaFirefox-branding-upstream-52.5.2-69.1 openSUSE Leap 42.3:MozillaFirefox-buildsymbols-52.5.2-69.1 openSUSE Leap 42.3:MozillaFirefox-devel-52.5.2-69.1 openSUSE Leap 42.3:MozillaFirefox-translations-common-52.5.2-69.1 openSUSE Leap 42.3:MozillaFirefox-translations-other-52.5.2-69.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-12/msg00047.html https://www.suse.com/security/cve/CVE-2017-7843.html CVE-2017-7843 https://bugzilla.suse.com/1072034 SUSE Bug 1072034