firefox-52.5.1-1.0.1.AXS4
エラータID: AXSA:2017-2476:07
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 52.5.1 ESR.
Security Fix(es):
* A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843)
Asianux would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter.
CVE-2017-7843
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
N/A
SRPMS
- firefox-52.5.1-1.0.1.AXS4.src.rpm
MD5: 6eb46dad04f0edf8ef5d826ec4bbe9a1
SHA-256: 549d3afd511d7672e5a3209081dcd18b0b7c932c6c3ee3db5279a7a891c0606e
Size: 368.50 MB
Asianux Server 4 for x86
- firefox-52.5.1-1.0.1.AXS4.i686.rpm
MD5: 0ba6f86fd580c1974d6fb497604afdaf
SHA-256: 01eb5de5a527b5286cb62e18e4dea8ad5995458efb16f24ef9561edd45a69096
Size: 80.19 MB
Asianux Server 4 for x86_64
- firefox-52.5.1-1.0.1.AXS4.x86_64.rpm
MD5: 10defd95aeb5924e505a82bf30145578
SHA-256: 406c765850543b2046fbe6c7904da4631f025b776385f531c10fc136f6bd03e7
Size: 79.72 MB - firefox-52.5.1-1.0.1.AXS4.i686.rpm
MD5: 0ba6f86fd580c1974d6fb497604afdaf
SHA-256: 01eb5de5a527b5286cb62e18e4dea8ad5995458efb16f24ef9561edd45a69096
Size: 80.19 MB
日本語