Bug 1021831 (CVE-2017-5382) - VUL-0: CVE-2017-5382: MozillaFirefox: Feed preview can expose privileged content errors and exceptions
Summary: VUL-0: CVE-2017-5382: MozillaFirefox: Feed preview can expose privileged cont...
Status: RESOLVED FIXED
Alias: CVE-2017-5382
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 42.2
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Wolfgang Rosenauer
QA Contact: Security Team bot
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 1021991
  Show dependency treegraph
 
Reported: 2017-01-25 09:08 UTC by Andreas Stieger
Modified: 2020-04-05 18:06 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2017-01-25 09:08:29 UTC 
Security vulnerabilities fixed in Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/

Discovered by: Jerri Rice
Feed preview for RSS feeds can be used to capture errors and exceptions generated by privileged content, allowing for the exposure of internal information not meant to be seen by web content.

https://bugzilla.mozilla.org/show_bug.cgi?id=1295322
Comment 1 Andreas Stieger 2017-01-25 09:12:38 UTC 
Firefox 51 / openSUSE only. Does not affect SLE. Assigning to openSUSE maintainer.
Comment 2 Swamp Workflow Management 2017-01-25 23:01:10 UTC 
bugbot adjusting priority
Comment 3 Andreas Stieger 2017-02-01 18:01:54 UTC 
This is going out for openSUSE: FF, TB, Seamonkey, NSS.
The Java update to fix the NSS compatibility will follow shortly.
Comment 4 Swamp Workflow Management 2017-02-01 23:15:48 UTC 
openSUSE-SU-2017:0358-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 1017174,1021814,1021817,1021818,1021819,1021820,1021821,1021822,1021823,1021824,1021826,1021827,1021828,1021830,1021831,1021832,1021833,1021835,1021837,1021839,1021840,1021841
CVE References: CVE-2017-5373,CVE-2017-5374,CVE-2017-5375,CVE-2017-5376,CVE-2017-5377,CVE-2017-5378,CVE-2017-5379,CVE-2017-5380,CVE-2017-5381,CVE-2017-5382,CVE-2017-5383,CVE-2017-5384,CVE-2017-5385,CVE-2017-5386,CVE-2017-5387,CVE-2017-5388,CVE-2017-5389,CVE-2017-5390,CVE-2017-5391,CVE-2017-5392,CVE-2017-5393,CVE-2017-5394,CVE-2017-5395,CVE-2017-5396
Sources used:
openSUSE Leap 42.2 (src):    MozillaFirefox-51.0.1-50.2
openSUSE Leap 42.1 (src):    MozillaFirefox-51.0.1-50.2