1021836 – (CVE-2017-5392) VUL-0: CVE-2017-5392: MozillaFirefox: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage

Bug 1021836 (CVE-2017-5392) - VUL-0: CVE-2017-5392: MozillaFirefox: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage

Summary: VUL-0: CVE-2017-5392: MozillaFirefox: Weak references using multiple threads ...

Status:	RESOLVED WORKSFORME

Alias:	CVE-2017-5392

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Android 5.0.x

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	Wolfgang Rosenauer
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	1021991
	Show dependency tree / graph

Clone This Bug

Reported:	2017-01-25 09:09 UTC by Andreas Stieger
Modified:	2017-01-25 22:20 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2017-01-25 09:09:14 UTC

Security vulnerabilities fixed in Firefox 51
https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/

Discovered by: Honza Bambas
Weak proxy objects have weak references on multiple threads when they should only have them on one, resulting in incorrect memory usage and corruption, which leads to potentially exploitable crashes. Note: This issue only affects Firefox for Android. Other operating systems are not affected.

https://bugzilla.mozilla.org/show_bug.cgi?id=1293709

Comment 1 Andreas Stieger 2017-01-25 09:12:37 UTC

Firefox 51 / openSUSE only. Does not affect SLE. Assigning to openSUSE maintainer.

Comment 2 Andreas Stieger 2017-01-25 09:19:20 UTC

This issue only affects Firefox for Android. Other operating systems are not affected.