Bug 7851 - [UPDATE REQUEST 2014.1] Firefox 52.0.2
: [UPDATE REQUEST 2014.1] Firefox 52.0.2
Status: CONFIRMED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
https://advisories.mageia.org/MGASA-2...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-09 22:33 MSD by Алексей-З
Modified: 2017-06-20 18:20 MSD (History)
5 users (show)

See Also:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:
vladimir.potapov: qa_verified-


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Алексей-З 2017-04-09 22:33:24 MSD
Доступен корректирующий выпуск Firefox 52.0.2 в котором устранено несколько не связанных с безопасностью ошибок:

Решены проблемы, приводящие к крахам при запуске на системах с Linux;
Устранены проблемы с загрузкой пиктограмм вкладок после восстановления сохранённого сеанса;
Для новых установок возвращён по ошибке отключённый диалог, предлагающий использовать Firefox как браузер по умолчанию в системе.
Comment 2 Vladimir Potapov 2017-04-11 09:04:24 MSD
new firefox (i586)
1) freeze on resize
2) crash with flash player
3) crash for youtube
**************************
QA Denied
Comment 3 Zombie Ryushu 2017-04-28 19:48:18 MSD
A bug in the handling of the pipelined requests when send file was used
resulted in the pipelined request being lost when send file processing of
the previous request completed. This could result in responses appearing
to be sent for the wrong request. For example, a user agent that sent
requests A, B and C could see the correct response for request A, the
response for request C for request B and no response for request C
(CVE-2017-5647).

While investigating bug 60718, it was noticed that some calls to
application listeners did not use the appropriate facade object. When
running an untrusted application under a SecurityManager, it was therefore
possible for that untrusted application to retain a reference to the
request or response object and thereby access and/or modify information
associated with another web application (CVE-2017-5648).
Comment 4 Zombie Ryushu 2017-06-20 18:20:26 MSD
Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2017-5470, CVE-2017-5472, CVE-2017-7749,
CVE-2017-7751, CVE-2017-7756, CVE-2017-7771, CVE-2017-7772,
CVE-2017-7773, CVE-2017-7774, CVE-2017-7775, CVE-2017-7776,
CVE-2017-7777, CVE-2017-7778, CVE-2017-7750, CVE-2017-7752,
CVE-2017-7754, CVE-2017-7757, CVE-2017-7758, CVE-2017-7764).

https://advisories.mageia.org/MGASA-2017-0178.html