Test ID:	1.3.6.1.4.1.25623.1.2.1.2017.15
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2017-15) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: CVE-2017-5472: Use-after-free using destroyed node when regenerating trees A use-after-free vulnerability with the frameloader during tree reconstruction while regenerating CSS layout when attempting to use a node in the tree that no longer exists. This results in a potentially exploitable crash. CVE-2017-7749: Use-after-free during docshell reloading A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. CVE-2017-7750: Use-after-free with track elements A use-after-free vulnerability during video control operations when a element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. CVE-2017-7751: Use-after-free with content viewer listeners A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. CVE-2017-7752: Use-after-free with IME input A use-after-free vulnerability during specific user interactions with the input method editor (IME) in some languages due to how events are handled. This results in a potentially exploitable crash but would require specific user interaction to trigger. CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object An out-of-bounds read in WebGL with a maliciously crafted ImageInfo object during WebGL operations. CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. CVE-2017-7757: Use-after-free in IndexedDB A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. CVE-2017-7778: Vulnerabilities in the Graphite 2 library A number of security vulnerabilities in the Graphite 2 library including out-of-bounds reads, buffer overflow reads and writes, and the use of uninitialized memory. These issues were addressed in Graphite 2 version 1.3.10. CVE-2017-7758: Out-of-bounds read in Opus encoder An out-of-bounds read vulnerability with the Opus encoder when the number of channels in an audio stream changes while the encoder is in use. ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: Firefox version(s) below 54. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-5470 BugTraq ID: 99041 http://www.securityfocus.com/bid/99041 Debian Security Information: DSA-3881 (Google Search) https://www.debian.org/security/2017/dsa-3881 Debian Security Information: DSA-3918 (Google Search) https://www.debian.org/security/2017/dsa-3918 RedHat Security Advisories: RHSA-2017:1440 https://access.redhat.com/errata/RHSA-2017:1440 RedHat Security Advisories: RHSA-2017:1561 https://access.redhat.com/errata/RHSA-2017:1561 http://www.securitytracker.com/id/1038689 Common Vulnerability Exposure (CVE) ID: CVE-2017-5471 BugTraq ID: 99042 http://www.securityfocus.com/bid/99042 Common Vulnerability Exposure (CVE) ID: CVE-2017-5472 BugTraq ID: 99040 http://www.securityfocus.com/bid/99040 Common Vulnerability Exposure (CVE) ID: CVE-2017-7749 BugTraq ID: 99057 http://www.securityfocus.com/bid/99057 Common Vulnerability Exposure (CVE) ID: CVE-2017-7750 Common Vulnerability Exposure (CVE) ID: CVE-2017-7751 Common Vulnerability Exposure (CVE) ID: CVE-2017-7752 Common Vulnerability Exposure (CVE) ID: CVE-2017-7754 Common Vulnerability Exposure (CVE) ID: CVE-2017-7756 Common Vulnerability Exposure (CVE) ID: CVE-2017-7757 Common Vulnerability Exposure (CVE) ID: CVE-2017-7758 Common Vulnerability Exposure (CVE) ID: CVE-2017-7762 BugTraq ID: 99047 http://www.securityfocus.com/bid/99047 RedHat Security Advisories: RHSA-2018:2112 https://access.redhat.com/errata/RHSA-2018:2112 RedHat Security Advisories: RHSA-2018:2113 https://access.redhat.com/errata/RHSA-2018:2113 Common Vulnerability Exposure (CVE) ID: CVE-2017-7764 http://www.unicode.org/reports/tr31/tr31-26.html#Aspirational_Use_Scripts Common Vulnerability Exposure (CVE) ID: CVE-2017-7771 Common Vulnerability Exposure (CVE) ID: CVE-2017-7772 Common Vulnerability Exposure (CVE) ID: CVE-2017-7773 Common Vulnerability Exposure (CVE) ID: CVE-2017-7774 Common Vulnerability Exposure (CVE) ID: CVE-2017-7775 Common Vulnerability Exposure (CVE) ID: CVE-2017-7776 Common Vulnerability Exposure (CVE) ID: CVE-2017-7777 Common Vulnerability Exposure (CVE) ID: CVE-2017-7778 Debian Security Information: DSA-3894 (Google Search) https://www.debian.org/security/2017/dsa-3894 https://security.gentoo.org/glsa/201710-13 RedHat Security Advisories: RHSA-2017:1793 https://access.redhat.com/errata/RHSA-2017:1793
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.