[Winvulns-announcements] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Vulnerabilities to Windows Systems'
Notification of New Vulnerabilties to Windows Systems Fixlet Messages
winvulns-announcements at bigmail.bigfix.com
Tue Jun 20 05:21:17 PDT 2017
Fixlet Site - 'Vulnerabilities to Windows Systems'
Current Version: 547 Published: Mon, 19 Jun 2017 23:47:36 GMT
New Fixlets:
============
***************************************************************
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability - CVE-2017-8542
Severity: Medium
Fixlet ID: 240101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2401
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8542
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8539.
***************************************************************
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability - CVE-2017-8539
Severity: Medium
Fixlet ID: 240201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2402
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8539
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8537, and CVE-2017-8542.
***************************************************************
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability - CVE-2017-8536
Severity: Medium
Fixlet ID: 241601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2416
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8536
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
***************************************************************
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability - CVE-2017-8538
Severity: High
Fixlet ID: 241701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2417
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8538
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.
***************************************************************
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability - CVE-2017-8537
Severity: Medium
Fixlet ID: 241801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2418
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8537
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.
***************************************************************
Title: Microsoft Malware Protection Engine Denial of Service Vulnerability - CVE-2017-8535
Severity: Medium
Fixlet ID: 241901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2419
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8535
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
***************************************************************
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5047
Severity: Medium
Fixlet ID: 242001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2420
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5047
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
***************************************************************
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5051
Severity: Medium
Fixlet ID: 242101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2421
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5051
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
***************************************************************
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5048
Severity: Medium
Fixlet ID: 242201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2422
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5048
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
***************************************************************
Title: Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView - CVE-2017-5043
Severity: Medium
Fixlet ID: 242301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2423
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5043
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
***************************************************************
Title: Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5044
Severity: Medium
Fixlet ID: 242401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2424
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5044
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Heap buffer overflow in filter processing in Skia in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
***************************************************************
Title: XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5045
Severity: Medium
Fixlet ID: 242501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2425
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5045
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page.
***************************************************************
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5050
Severity: Medium
Fixlet ID: 242601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2426
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5050
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
***************************************************************
Title: Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation - CVE-2017-5041
Severity: Medium
Fixlet ID: 242701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2427
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5041
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page.
***************************************************************
Title: Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5042
Severity: Low
Fixlet ID: 242802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2428
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5042
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.
***************************************************************
Title: V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5046
Severity: Medium
Fixlet ID: 242901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2429
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5046
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android had insufficient policy enforcement, which allowed a remote attacker to spoof the location object via a crafted HTML page, related to Blink information disclosure.
***************************************************************
Title: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux - CVE-2017-5049
Severity: Medium
Fixlet ID: 243001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2430
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5049
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
***************************************************************
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability - CVE-2017-8541
Severity: High
Fixlet ID: 243101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2431
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8541
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.
***************************************************************
Title: Microsoft Malware Protection Engine Remote Code Execution Vulnerability - CVE-2017-8540
Severity: High
Fixlet ID: 243201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2432
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8540
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
***************************************************************
Title: Use-after-free working with events in FontFace objects - CVE-2017-5402
Severity: <Unspecified>
Fixlet ID: 243701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2437
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5402
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free can occur when events are fired for a FontFace object after the object has been already been destroyed while working with fonts. This results in a potentially exploitable crash.
***************************************************************
Title: File deletion via callback parameter in Mozilla Windows Updater and Maintenance Service - CVE-2017-5409
Severity: <Unspecified>
Fixlet ID: 243801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2438
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5409
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected.
***************************************************************
Title: File picker can choose incorrect default directory - CVE-2017-5414
Severity: <Unspecified>
Fixlet ID: 243901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2439
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5414
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: The file picker dialog can choose and display the wrong local default directory when instantiated. On some operating systems, this can lead to information disclosure, such as the operating system or the local account name.
***************************************************************
Title: Javascript: URLs can obfuscate addressbar location - CVE-2017-5420
Severity: <Unspecified>
Fixlet ID: 244001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2440
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5420
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A javascript: url loaded by a malicious page can obfuscate its location by blanking the URL displayed in the addressbar, allowing for an attacker to spoof an existing page without the malicious page's address being displayed correctly.
***************************************************************
Title: Addressbar spoofing through blob URL - CVE-2017-5415
Severity: <Unspecified>
Fixlet ID: 244101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2441
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5415
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An attack can use a blob URL and script to spoof an arbitrary addressbar URL prefaced by blob: as the protocol, leading to user confusion and further spoofing attacks.
***************************************************************
Title: asm.js JIT-spray bypass of ASLR and DEP - CVE-2017-5400
Severity: <Unspecified>
Fixlet ID: 244201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2442
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5400
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: JIT-spray targeting asm.js combined with a heap spray allows for a bypass of ASLR and DEP protections leading to potential memory corruption attacks.
***************************************************************
Title: Addressbar spoofing by draging and dropping URLs - CVE-2017-5417
Severity: <Unspecified>
Fixlet ID: 244301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2443
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5417
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: When dragging content from the primary browser pane to the addressbar on a malicious site, it is possible to change the addressbar so that the displayed location following navigation does not match the URL of the newly loaded page. This allows for spoofing attacks.
***************************************************************
Title: FTP response codes can cause use of uninitialized values for ports - CVE-2017-5405
Severity: <Unspecified>
Fixlet ID: 244401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2444
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5405
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Certain response codes in FTP connections can result in the use of uninitialized values for ports in FTP operations.
***************************************************************
Title: Repeated authentication prompts lead to DOS attack - CVE-2017-5419
Severity: <Unspecified>
Fixlet ID: 244501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2445
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5419
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: If a malicious site repeatedly triggers a modal authentication prompt, eventually the browser UI will become non-responsive, requiring shutdown through the operating system. This is a denial of service (DOS) attack.
***************************************************************
Title: Memory Corruption when handling ErrorResult - CVE-2017-5401
Severity: <Unspecified>
Fixlet ID: 244601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2446
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5401
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A crash triggerable by web content in which an ErrorResult references unassigned memory due to a logic error. The resulting crash may be exploitable.
***************************************************************
Title: Segmentation fault during bidirectional operations - CVE-2017-5413
Severity: <Unspecified>
Fixlet ID: 244702
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2447
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5413
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A segmentation fault can occur during some bidirectional layout operations.
***************************************************************
Title: Out of bounds read when parsing HTTP digest authorization responses - CVE-2017-5418
Severity: <Unspecified>
Fixlet ID: 244802
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2448
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5418
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: An out of bounds read error occurs when parsing some HTTP digest authorization responses, resulting in information leakage through the reading of random memory containing matches to specifically set patterns.
***************************************************************
Title: Print preview spoofing - CVE-2017-5421
Severity: <Unspecified>
Fixlet ID: 244901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2449
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5421
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A malicious site could spoof the contents of the print preview window if popup windows are enabled, resulting in user confusion of what site is currently loaded.
***************************************************************
Title: Memory safety bugs fixed in Firefox 52 and Firefox ESR 45.8 - CVE-2017-5398
Severity: <Unspecified>
Fixlet ID: 245001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2450
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5398
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community members Boris Zbarsky, Christian Holler, Honza Bambas, Jon Coppeard, Randell Jesup, André Bargull, Kan-Ru Chen, and Nathan Froyd reported memory safety bugs present in Firefox 51 and Firefox ESR 45.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
***************************************************************
Title: Cross-origin reading of video captions in violation of CORS - CVE-2017-5408
Severity: <Unspecified>
Fixlet ID: 245101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2451
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5408
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Video files loaded video captions cross-origin without checking for the presence of CORS headers permitting such cross-origin use, leading to potential information disclosure for video captions.
***************************************************************
Title: Null dereference crash in HttpChannel - CVE-2017-5416
Severity: <Unspecified>
Fixlet ID: 245201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2452
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5416
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: In certain circumstances a networking event listener can be prematurely released. This appears to result in a null dereference in practice.
***************************************************************
Title: Pixel and history stealing via floating-point timing side channel with SVG filters - CVE-2017-5407
Severity: <Unspecified>
Fixlet ID: 245301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2453
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5407
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Using SVG filters that don't use the fixed point math implementation on a target iframe, a malicious page can extract pixel values from a targeted user. This can be used to extract history information and read text values across domains. This violates same-origin policy and leads to information disclosure.
***************************************************************
Title: DOS attack by using view-source: protocol repeatedly in one hyperlink - CVE-2017-5422
Severity: <Unspecified>
Fixlet ID: 245401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2454
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5422
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: If a malicious site uses the view-source: protocol in a series within a single hyperlink, it can trigger a non-exploitable browser crash when the hyperlink is selected. This was fixed by no longer making view-source: linkable.
***************************************************************
Title: Use-after-free using addRange to add range to an incorrect root object - CVE-2017-5403
Severity: <Unspecified>
Fixlet ID: 245501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2455
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5403
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: When adding a range to an object in the DOM, it is possible to use addRange to add the range to an incorrect root object. This triggers a use-after-free, resulting in a potentially exploitable crash.
***************************************************************
Title: Use-after-free working with ranges in selections - CVE-2017-5404
Severity: <Unspecified>
Fixlet ID: 245601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2456
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5404
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free error can occur when manipulating ranges in selections with one node inside a native anonymous tree and one node outside of it. This results in a potentially exploitable crash.
***************************************************************
Title: Buffer overflow read in SVG filters - CVE-2017-5412
Severity: <Unspecified>
Fixlet ID: 245701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2457
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5412
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A buffer overflow read during SVG filter color value operations, resulting in data exposure.
***************************************************************
Title: Non-existent chrome.manifest file loaded during startup - CVE-2017-5427
Severity: <Unspecified>
Fixlet ID: 245801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2458
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5427
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A non-existent chrome.manifest file will attempt to be loaded during startup from the primary installation directory. If a malicious user with local access puts chrome.manifest and other referenced files in this directory, they will be loaded and activated during startup. This could result in malicious software being added without consent or modification of referenced installed files.
***************************************************************
Title: Memory safety bugs fixed in Firefox 52 - CVE-2017-5399
Severity: <Unspecified>
Fixlet ID: 245901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2459
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5399
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community members Carsten Book, Calixte Denizet, Christian Holler, Andrew McCreight, David Bolter, David Keeler, Jon Coppeard, Tyson Smith, Ronald Crane, Tooru Fujisawa, Ben Kelly, Bob Owen, Jed Davis, Julian Seward, Julian Hector, Philipp, Markus Stange, and André Bargull reported memory safety bugs present in Firefox 51. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
***************************************************************
Title: Memory corruption during JavaScript garbage collection incremental sweeping - CVE-2017-5410
Severity: <Unspecified>
Fixlet ID: 246001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2460
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5410
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup.
***************************************************************
Title: Use-after-free in Buffer Storage in libGLES - CVE-2017-5411
Severity: <Unspecified>
Fixlet ID: 246101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2461
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5411
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free can occur during buffer storage operations within the ANGLE graphics library, used for WebGL content. The buffer storage can be freed while still in use in some circumstances, leading to a potentially exploitable crash. Note: This issue is in libGLES, which is only in use on Windows. Other operating systems are not affected.
***************************************************************
Title: Segmentation fault in Skia with canvas operations - CVE-2017-5406
Severity: <Unspecified>
Fixlet ID: 246201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2462
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5406
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A segmentation fault can occur in the Skia graphics library during some canvas operations due to issues with mask/clip intersection and empty masks.
***************************************************************
Title: Use-after-free during focus handling - CVE-2017-5434
Severity: <Unspecified>
Fixlet ID: 246801
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2468
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5434
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability occurs when redirecting focus handling which results in a potentially exploitable crash.
***************************************************************
Title: Use-after-free with selection during scroll events - CVE-2017-5441
Severity: <Unspecified>
Fixlet ID: 246901
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2469
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5441
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability when holding a selection during scroll events. This results in a potentially exploitable crash.
***************************************************************
Title: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5440
Severity: <Unspecified>
Fixlet ID: 247001
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2470
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5440
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability during XSLT processing due to a failure to propagate error conditions during matching while evaluating context, leading to objects being used when they no longer exist. This results in a potentially exploitable crash.
***************************************************************
Title: Vulnerabilities in Libevent library - CVE-2016-10196
Severity: Medium
Fixlet ID: 247101
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2471
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10196
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Three vulnerabilities were reported in the Libevent library that allow for out-of-bounds reads and denial of service (DoS) attacks. These were fixed in the Libevent library and these changes were ported to Mozilla code.
***************************************************************
Title: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5438
Severity: <Unspecified>
Fixlet ID: 247201
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2472
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5438
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability during XSLT processing due to the result handler being held by a freed handler during handling. This results in a potentially exploitable crash.
***************************************************************
Title: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5429
Severity: <Unspecified>
Fixlet ID: 247301
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2473
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5429
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community members Christian Holler, Jon Coppeard, Marcia Knous, David Baron, Mats Palmgren, Ronald Crane, Bob Clary, and Chris Peterson reported memory safety bugs present in Firefox 52, Firefox ESR 45.8, and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
***************************************************************
Title: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5439
Severity: <Unspecified>
Fixlet ID: 247401
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2474
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5439
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash.
***************************************************************
Title: Use-after-free during style changes - CVE-2017-5442
Severity: <Unspecified>
Fixlet ID: 247501
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2475
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5442
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash.
***************************************************************
Title: Use-after-free in text input selection - CVE-2017-5432
Severity: <Unspecified>
Fixlet ID: 247601
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2476
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5432
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: A use-after-free vulnerability occurs during certain text input selection resulting in a potentially exploitable crash.
***************************************************************
Title: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5430
Severity: <Unspecified>
Fixlet ID: 247701
Fixlet Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.cisecurity%3Adef%3A2477
Fixlet Link: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5430
Fixlet Link: http://nvd.nist.gov/cvss.cfm?vectorinfo
Fixlet Description: Mozilla developers and community members Christian Holler, Jon Coppeard, Milan Sreckovic, Tyson Smith, Ronald Crane, Randell Jesup, Philipp, Tooru Fujisawa, and Kan-Ru Chen reported memory safety bugs present in Firefox 52 and Firefox ESR 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code.
More information about the WinVulns-Announcements
mailing list