{"id":"MGASA-2017-0081","summary":"Updated firefox packages fix security vulnerability","details":"Multiple flaws were found in the processing of malformed web content. A\nweb page containing malicious content could cause Firefox to crash or,\npotentially, execute arbitrary code with the privileges of the user\nrunning Firefox (CVE-2017-5398, CVE-2017-5400, CVE-2017-5401,\nCVE-2017-5402, CVE-2017-5404, CVE-2017-5407, CVE-2017-5408, CVE-2017-5410,\nCVE-2017-5405).\n\nAlso, the nss package has been updated to version 3.28.3, in which the\nNext Protocol Negotiation (NPN) extension has been replaced by the\nApplication-Layer Protocol Negotiation (ALPN) extension and which now\nsupports the Finite Field Diffie-Hellman Ephemeral Parameters (FFDHE)\nnegotiation.\n\nDue to the nss update, the sqlite3 package has been updated to version\n3.10.2.\n\nAdditionally, an error in the nss package has been corrected, where it was\nfailing to build against the system rootcerts package and instead was\nusing a bundled version, which could have caused the rootcerts that NSS\nused to be outdated at times (mga#20053).  The nss package has now been\nbuilt against the latest rootcerts, which have also been updated.\n","modified":"2026-04-16T06:26:21.456472858Z","published":"2017-03-23T21:21:35Z","upstream":["CVE-2017-5398","CVE-2017-5400","CVE-2017-5401","CVE-2017-5402","CVE-2017-5404","CVE-2017-5405","CVE-2017-5407","CVE-2017-5408","CVE-2017-5410"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2017-0081.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20419"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/"},{"type":"WEB","url":"http://www.sqlite.org/releaselog/3_8_11_1.html"},{"type":"WEB","url":"http://www.sqlite.org/releaselog/3_9_2.html"},{"type":"WEB","url":"http://www.sqlite.org/releaselog/3_10_2.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHSA-2017-0461.html"},{"type":"WEB","url":"https://rhn.redhat.com/errata/RHEA-2017-0460.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=20053"}],"affected":[{"package":{"name":"rootcerts","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20170209.00-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0081.json"}},{"package":{"name":"sqlite3","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/sqlite3?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.2-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0081.json"}},{"package":{"name":"nss","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.28.3-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0081.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.8.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0081.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"45.8.0-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2017-0081.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}