Title
MGASA-2017-0361 -- обновление безопасности для firefox, firefox-l10n, nspr, nss
Description
A use-after-free flaw was found in the TLS 1.2 implementation in the NSS
library when client authentication was used. A malicious client could
use this flaw to cause an application compiled against NSS to crash or,
potentially, execute arbitrary code with the permission of the user
running the application (CVE-2017-7805).
Multiple flaws were found in the processing of malformed web content. A
web page containing malicious content could cause Firefox to crash or,
potentially, execute arbitrary code with the privileges of the user
running Firefox (CVE-2017-7810, CVE-2017-7793, CVE-2017-7818,
CVE-2017-7819, CVE-2017-7824, CVE-2017-7814, CVE-2017-7823).