-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0066
               Mozilla Foundation Security Advisory 2017-14
                                9 May 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Mozilla Firefox
                      Mozilla Firefox ESR
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-5031  
Member content until: Thursday, June  8 2017
Reference:            ASB-2017.0024
                      ESB-2017.0833
                      ESB-2017.0708
                      ESB-2017.0679

OVERVIEW

        A vulnerability has been identified in Mozilla Firefox prior to version 
        53.0.2 and Firefox ESR prior to version 52.1.1. [1]


IMPACT

        Mozilla has given the following information regarding this 
        vulnerability:
        
        "CVE-2017-5031: Use after free in ANGLE
        
        Reporter
            Bob Clary, Looben Yang
        Impact
            high
        
        Description
        
        A use-after-free can occur during Buffer11 API calls within the ANGLE
        graphics library, used for WebGL content. This can lead to a 
        potentially exploitable crash.
        
        Note: This issue is in libGLES, which is only in use on Windows.
        
        Other operating systems are not affected.
        
        References
        
            Bug 1328762" [1]


MITIGATION

        Mozilla recommends upgrading Firefox and Firefox ESR to the latest
        version. [1]


REFERENCES

        [1] Mozilla Foundation Security Advisory 2017-14
            https://www.mozilla.org/en-US/security/advisories/mfsa2017-14/

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----