firefox-52.5.1-1.0.1.el7.AXS7
エラータID: AXSA:2017-2477:08
Mozilla Firefox is an open source web browser.
This update upgrades Firefox to version 52.5.1 ESR.
Security Fix(es):
* A privacy flaw was discovered in Firefox. In Private Browsing mode, a web worker could write persistent data to IndexedDB, which was not cleared when exiting and would persist across multiple sessions. A malicious website could exploit the flaw to bypass private-browsing protections and uniquely fingerprint visitors. (CVE-2017-7843)
Asianux would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Konark as the original reporter.
CVE-2017-7843
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Update packages.
When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB and fingerprint a user uniquely. IndexedDB should not be available in Private Browsing mode and this stored data will persist across multiple private browsing mode sessions because it is not cleared when exiting. This vulnerability affects Firefox ESR < 52.5.2 and Firefox < 57.0.1.
N/A
SRPMS
- firefox-52.5.1-1.0.1.el7.AXS7.src.rpm
MD5: d8523751b11e7e8d6ffbd660d3da3543
SHA-256: 9aac54625d5f081ab3b21c0876d85a20402c90b29d43a72f533e442d1a7408b6
Size: 367.65 MB
Asianux Server 7 for x86_64
- firefox-52.5.1-1.0.1.el7.AXS7.x86_64.rpm
MD5: 56f88356be9163ab9a336e43749ee3cd
SHA-256: d4b38ead70074fb3655225bf3349bc97418c667f4012c8fe84acb8ca2dd23f29
Size: 83.24 MB - firefox-52.5.1-1.0.1.el7.AXS7.i686.rpm
MD5: a09bf0fd72c6afbd6669595beb5be94e
SHA-256: 395d101c260552ac9a97c86bb5b563df081c511688dff695c1154f142201ff84
Size: 83.46 MB