Errata overview
Errata ID 274
Date 2018-01-31
Source package firefox-esr
Fixed in version 52.6.0esr-1~deb8u1
Description
This update addresses the following issues:
* CVE-2017-7753 Out-of-bounds read with cached style data and pseudo-elements
  (MFSA 2017-19)
* CVE-2017-7779 Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
  (MFSA 2017-19)
* CVE-2017-7784 Use-after-free with image observers (MFSA 2017-19)
* CVE-2017-7785 Buffer overflow manipulating ARIA elements in DOM (MFSA
  2017-19)
* CVE-2017-7786 Buffer overflow while painting non-displayable SVG (MFSA
  2017-19)
* CVE-2017-7787 Same-origin policy bypass with iframes through page reloads
  (MFSA 2017-19)
* CVE-2017-7791 Spoofing following page navigation with data: protocol and
  modal alerts (MFSA 2017-19)
* CVE-2017-7792 Buffer overflow viewing certificates with long OID (MFSA
  2017-19)
* CVE-2017-7793 Use-after-free with Fetch API (MFSA 2017-22)
* CVE-2017-7798 XUL injection in the style editor in devtools (MFSA 2017-19)
* CVE-2017-7800 Use-after-free in WebSockets during disconnection (MFSA
  2017-19)
* CVE-2017-7801 Use-after-free with marquee during window resizing
* CVE-2017-7802 Use-after-free resizing image elements (MFSA 2017-19)
* CVE-2017-7803 CSP directives improperly applied with sandbox flag in
  iframes (MFSA 2017-19)
* CVE-2017-7805 Potential use-after-free in TLS 1.2 server when verifying
  client authentication
* CVE-2017-7807 Domain hijacking through appcache fallback (MFSA 2017-19)
* CVE-2017-7809 Use-after-free while deleting attached editor DOM node (MFSA
  2017-19)
* CVE-2017-7810 Memory safety bugs fixed in Firefox 56 and Firefox ESR 52.4
  (MFSA 2017-22)
* CVE-2017-7814 Blob and data URLs bypass phishing and malware protection
  warnings (MFSA 2017-22)
* CVE-2017-7818 Use-after-free during ARIA array manipulation (MFSA 2017-22)
* CVE-2017-7819 Use-after-free while resizing images in design mode (MFSA
  2017-22)
* CVE-2017-7823 CSP sandbox directive did not create a unique origin (MFSA
  2017-22)
* CVE-2017-7824 Buffer overflow when drawing and validating elements with
  ANGLE (MFSA 2017-22)
* CVE-2017-7826 Memory safety bugs fixed in Firefox 57 and Firefox ESR 52.5
  (MFSA 2017-25)
* CVE-2017-7828 Use-after-free of PresShell while restyling layout (MFSA
  2017-25)
* CVE-2017-7830 Cross-origin URL information leak through Resource Timing API
  (MFSA 2017-25)
* CVE-2017-7843 Web worker in Private Browsing mode can write IndexedDB data
* CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
  (MFSA 2018-03)
* CVE-2018-5091: Use-after-free with DTMF timers (MFSA 2018-03)
* CVE-2018-5095: Integer overflow in Skia library during edge builder
  allocation (MFSA 2018-03)
* CVE-2018-5096: Use-after-free while editing form elements (MFSA 2018-03)
* CVE-2018-5097: Use-after-free when source document is manipulated during
  XSLT (MFSA 2018-03)
* CVE-2018-5098: Use-after-free while manipulating form input elements (MFSA
  2018-03)
* CVE-2018-5099: Use-after-free with widget listener (MFSA 2018-03)
* CVE-2018-5102: Use-after-free in HTML media elements (MFSA 2018-03)
* CVE-2018-5103: Use-after-free during mouse event handling (MFSA 2018-03)
* CVE-2018-5104: Use-after-free during font face manipulation (MFSA 2018-03)
* CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
  (MFSA 2018-03)
Additional notes
CVE ID
CVE-2017-7843
CVE-2017-7828
CVE-2017-7830
CVE-2017-7826
CVE-2017-7793
CVE-2017-7818
CVE-2017-7819
CVE-2017-7824
CVE-2017-7805
CVE-2017-7814
CVE-2017-7823
CVE-2017-7810
CVE-2017-7753
CVE-2017-7779
CVE-2017-7784
CVE-2017-7785
CVE-2017-7786
CVE-2017-7787
CVE-2017-7791
CVE-2017-7792
CVE-2017-7798
CVE-2017-7800
CVE-2017-7801
CVE-2017-7802
CVE-2017-7803
CVE-2017-7807
CVE-2017-7809
CVE-2018-5091
CVE-2018-5095
CVE-2018-5096
CVE-2018-5097
CVE-2018-5098
CVE-2018-5099
CVE-2018-5102
CVE-2018-5103
CVE-2018-5104
CVE-2018-5117
CVE-2018-5089
UCS Bug number #45611