[SECURITY] [DLA 852-1] firefox-esr security update

2017-03-1017:37:17

lists.debian.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.924 High

EPSS

Percentile

99.0%

JSON

Package : firefox-esr
Version : 45.8.0esr-1~deb7u1
CVE ID : CVE-2017-5398 CVE-2017-5400 CVE-2017-5401 CVE-2017-5402
CVE-2017-5404 CVE-2017-5405 CVE-2017-5407 CVE-2017-5408
CVE-2017-5410

Multiple security issues have been found in the Mozilla Firefox web
browser: Multiple memory safety errors, use-after-frees and other
implementation errors may lead to the execution of arbitrary code, ASLR
bypass, information disclosure or denial of service.

For Debian 7 "Wheezy", these problems have been fixed in version
45.8.0esr-1~deb7u1.

We recommend that you upgrade your firefox-esr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian7alliceweasel-l10n-ml< 1:45.8.0esr-1~deb7u1iceweasel-l10n-ml_1:45.8.0esr-1~deb7u1_all.deb
Debian7allfirefox-esr-l10n-ta< 45.8.0esr-1~deb7u1firefox-esr-l10n-ta_45.8.0esr-1~deb7u1_all.deb
Debian8allfirefox-esr-l10n-pa-in< 45.8.0esr-1~deb8u1firefox-esr-l10n-pa-in_45.8.0esr-1~deb8u1_all.deb
Debian7allicedove-l10n-pa-in< 1:45.8.0-3~deb7u1icedove-l10n-pa-in_1:45.8.0-3~deb7u1_all.deb
Debian8allfirefox-esr-l10n-tr< 45.8.0esr-1~deb8u1firefox-esr-l10n-tr_45.8.0esr-1~deb8u1_all.deb
Debian8allicedove-l10n-ga-ie< 1:45.8.0-3~deb8u1icedove-l10n-ga-ie_1:45.8.0-3~deb8u1_all.deb
Debian7alliceweasel-l10n-fy-nl< 1:45.8.0esr-1~deb7u1iceweasel-l10n-fy-nl_1:45.8.0esr-1~deb7u1_all.deb
Debian7allthunderbird-l10n-tr< 1:45.8.0-3~deb7u1thunderbird-l10n-tr_1:45.8.0-3~deb7u1_all.deb
Debian7alllightning-l10n-gl< 1:45.8.0-3~deb7u1lightning-l10n-gl_1:45.8.0-3~deb7u1_all.deb
Debian8allfirefox-esr-l10n-an< 45.8.0esr-1~deb8u1firefox-esr-l10n-an_45.8.0esr-1~deb8u1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	iceweasel-l10n-ml	< 1:45.8.0esr-1~deb7u1	iceweasel-l10n-ml_1:45.8.0esr-1~deb7u1_all.deb
Debian	7	all	firefox-esr-l10n-ta	< 45.8.0esr-1~deb7u1	firefox-esr-l10n-ta_45.8.0esr-1~deb7u1_all.deb
Debian	8	all	firefox-esr-l10n-pa-in	< 45.8.0esr-1~deb8u1	firefox-esr-l10n-pa-in_45.8.0esr-1~deb8u1_all.deb
Debian	7	all	icedove-l10n-pa-in	< 1:45.8.0-3~deb7u1	icedove-l10n-pa-in_1:45.8.0-3~deb7u1_all.deb
Debian	8	all	firefox-esr-l10n-tr	< 45.8.0esr-1~deb8u1	firefox-esr-l10n-tr_45.8.0esr-1~deb8u1_all.deb
Debian	8	all	icedove-l10n-ga-ie	< 1:45.8.0-3~deb8u1	icedove-l10n-ga-ie_1:45.8.0-3~deb8u1_all.deb
Debian	7	all	iceweasel-l10n-fy-nl	< 1:45.8.0esr-1~deb7u1	iceweasel-l10n-fy-nl_1:45.8.0esr-1~deb7u1_all.deb
Debian	7	all	thunderbird-l10n-tr	< 1:45.8.0-3~deb7u1	thunderbird-l10n-tr_1:45.8.0-3~deb7u1_all.deb
Debian	7	all	lightning-l10n-gl	< 1:45.8.0-3~deb7u1	lightning-l10n-gl_1:45.8.0-3~deb7u1_all.deb
Debian	8	all	firefox-esr-l10n-an	< 45.8.0esr-1~deb8u1	firefox-esr-l10n-an_45.8.0esr-1~deb8u1_all.deb