===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0066
               Mozilla Foundation Security Advisory 2017-14
                                9 May 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Mozilla Firefox
                      Mozilla Firefox ESR
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-5031
Member content until: Thursday, June 8 2017
Reference:            ASB-2017.0024
                      ESB-2017.0833
                      ESB-2017.0708
                      ESB-2017.0679

OVERVIEW

        A vulnerability has been identified in Mozilla Firefox prior to
        version 53.0.2 and Firefox ESR prior to version 52.1.1. [1]


IMPACT

        Mozilla has given the following information regarding this
        vulnerability:

        "CVE-2017-5031: Use after free in ANGLE

        Reporter
            Bob Clary, Looben Yang
        Impact
            high

        Description

        A use-after-free can occur during Buffer11 API calls within the
        ANGLE graphics library, used for WebGL content. This can lead to a
        potentially exploitable crash.
        Note: This issue is in libGLES, which is only in use on Windows.
        Other operating systems are not affected.

        References

        Bug 1328762" [1]


MITIGATION

        Mozilla recommends upgrading Firefox and Firefox ESR to the latest
        version. [1]


REFERENCES

        [1] Mozilla Foundation Security Advisory 2017-14
            https://www.mozilla.org/en-US/security/advisories/mfsa2017-14/

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================