CVE-2017-5447

Upstream information

CVE-2017-5447 at MITRE

Description

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

---

SUSE information

CVSS v2 Scores

	SUSE
Base Score	5.76
Vector	AV:N/AC:M/Au:N/C:P/I:N/A:P
Access Vector	Network
Access Complexity	Medium
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entries: 1035082 [NEW], 1035209 [RESOLVED / INVALID]

SUSE Security Advisories:

• SUSE-SU-2017:1175-1, published Thu, 4 May 2017 15:13:58 +0200 (CEST)
• SUSE-SU-2017:1248-1, published Thu, 11 May 2017 21:15:07 +0200 (CEST)
• openSUSE-SU-2017:1099-1, published Tue, 25 Apr 2017 00:08:46 +0200 (CEST)
• openSUSE-SU-2017:1196-1, published Sun, 7 May 2017 00:11:24 +0200 (CEST)
• openSUSE-SU-2017:1268-1, published Mon, 15 May 2017 18:20:49 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Linux Enterprise Desktop 12 SP1	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-translations >= 45.9.0esr-105.1 java-1_8_0-openjdk >= 1.8.0.121-23.4 java-1_8_0-openjdk-headless >= 1.8.0.121-23.4 libfreebl3 >= 3.29.5-57.1 libfreebl3-32bit >= 3.29.5-57.1 libsoftokn3 >= 3.29.5-57.1 libsoftokn3-32bit >= 3.29.5-57.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nspr-32bit >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-32bit >= 3.29.5-57.1 mozilla-nss-certs >= 3.29.5-57.1 mozilla-nss-certs-32bit >= 3.29.5-57.1 mozilla-nss-sysinit >= 3.29.5-57.1 mozilla-nss-sysinit-32bit >= 3.29.5-57.1 mozilla-nss-tools >= 3.29.5-57.1	Patchnames: SUSE-SLE-DESKTOP-12-SP1-2017-748
SUSE Linux Enterprise Desktop 12 SP2	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-translations >= 45.9.0esr-105.1 java-1_8_0-openjdk >= 1.8.0.121-23.4 java-1_8_0-openjdk-headless >= 1.8.0.121-23.4 libfreebl3 >= 3.29.5-57.1 libfreebl3-32bit >= 3.29.5-57.1 libsoftokn3 >= 3.29.5-57.1 libsoftokn3-32bit >= 3.29.5-57.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nspr-32bit >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-32bit >= 3.29.5-57.1 mozilla-nss-certs >= 3.29.5-57.1 mozilla-nss-certs-32bit >= 3.29.5-57.1 mozilla-nss-sysinit >= 3.29.5-57.1 mozilla-nss-sysinit-32bit >= 3.29.5-57.1 mozilla-nss-tools >= 3.29.5-57.1	Patchnames: SUSE-SLE-DESKTOP-12-SP2-2017-748
SUSE Linux Enterprise Point of Sale 11 SP3	MozillaFirefox >= 45.9.0esr-71.2 MozillaFirefox-translations >= 45.9.0esr-71.2 libfreebl3 >= 3.29.5-46.1 libsoftokn3 >= 3.29.5-46.1 mozilla-nspr >= 4.13.1-32.1 mozilla-nss >= 3.29.5-46.1 mozilla-nss-tools >= 3.29.5-46.1	Patchnames: sleposp3-MozillaFirefox-13090
SUSE Linux Enterprise Server 11 SP3-LTSS	MozillaFirefox >= 45.9.0esr-71.2 MozillaFirefox-translations >= 45.9.0esr-71.2 libfreebl3 >= 3.29.5-46.1 libfreebl3-32bit >= 3.29.5-46.1 libsoftokn3 >= 3.29.5-46.1 libsoftokn3-32bit >= 3.29.5-46.1 mozilla-nspr >= 4.13.1-32.1 mozilla-nspr-32bit >= 4.13.1-32.1 mozilla-nss >= 3.29.5-46.1 mozilla-nss-32bit >= 3.29.5-46.1 mozilla-nss-tools >= 3.29.5-46.1	Patchnames: slessp3-MozillaFirefox-13090
SUSE Linux Enterprise Server 11 SP4	MozillaFirefox >= 45.9.0esr-71.2 MozillaFirefox-translations >= 45.9.0esr-71.2 libfreebl3 >= 3.29.5-46.1 libfreebl3-32bit >= 3.29.5-46.1 libfreebl3-x86 >= 3.29.5-46.1 libsoftokn3 >= 3.29.5-46.1 libsoftokn3-32bit >= 3.29.5-46.1 libsoftokn3-x86 >= 3.29.5-46.1 mozilla-nspr >= 4.13.1-32.1 mozilla-nspr-32bit >= 4.13.1-32.1 mozilla-nspr-x86 >= 4.13.1-32.1 mozilla-nss >= 3.29.5-46.1 mozilla-nss-32bit >= 3.29.5-46.1 mozilla-nss-tools >= 3.29.5-46.1 mozilla-nss-x86 >= 3.29.5-46.1	Patchnames: slessp4-MozillaFirefox-13090
SUSE Linux Enterprise Server 12 SP1	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-translations >= 45.9.0esr-105.1 java-1_8_0-openjdk >= 1.8.0.121-23.4 java-1_8_0-openjdk-demo >= 1.8.0.121-23.4 java-1_8_0-openjdk-devel >= 1.8.0.121-23.4 java-1_8_0-openjdk-headless >= 1.8.0.121-23.4 libfreebl3 >= 3.29.5-57.1 libfreebl3-32bit >= 3.29.5-57.1 libfreebl3-hmac >= 3.29.5-57.1 libfreebl3-hmac-32bit >= 3.29.5-57.1 libsoftokn3 >= 3.29.5-57.1 libsoftokn3-32bit >= 3.29.5-57.1 libsoftokn3-hmac >= 3.29.5-57.1 libsoftokn3-hmac-32bit >= 3.29.5-57.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nspr-32bit >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-32bit >= 3.29.5-57.1 mozilla-nss-certs >= 3.29.5-57.1 mozilla-nss-certs-32bit >= 3.29.5-57.1 mozilla-nss-sysinit >= 3.29.5-57.1 mozilla-nss-sysinit-32bit >= 3.29.5-57.1 mozilla-nss-tools >= 3.29.5-57.1	Patchnames: SUSE-SLE-SERVER-12-SP1-2017-748
SUSE Linux Enterprise Server 12 SP2	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-translations >= 45.9.0esr-105.1 java-1_8_0-openjdk >= 1.8.0.121-23.4 java-1_8_0-openjdk-demo >= 1.8.0.121-23.4 java-1_8_0-openjdk-devel >= 1.8.0.121-23.4 java-1_8_0-openjdk-headless >= 1.8.0.121-23.4 libfreebl3 >= 3.29.5-57.1 libfreebl3-32bit >= 3.29.5-57.1 libfreebl3-hmac >= 3.29.5-57.1 libfreebl3-hmac-32bit >= 3.29.5-57.1 libsoftokn3 >= 3.29.5-57.1 libsoftokn3-32bit >= 3.29.5-57.1 libsoftokn3-hmac >= 3.29.5-57.1 libsoftokn3-hmac-32bit >= 3.29.5-57.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nspr-32bit >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-32bit >= 3.29.5-57.1 mozilla-nss-certs >= 3.29.5-57.1 mozilla-nss-certs-32bit >= 3.29.5-57.1 mozilla-nss-sysinit >= 3.29.5-57.1 mozilla-nss-sysinit-32bit >= 3.29.5-57.1 mozilla-nss-tools >= 3.29.5-57.1	Patchnames: SUSE-SLE-SERVER-12-SP2-2017-748
SUSE Linux Enterprise Server 12-LTSS	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-devel >= 45.9.0esr-105.1 MozillaFirefox-translations >= 45.9.0esr-105.1 libfreebl3 >= 3.29.5-57.1 libfreebl3-32bit >= 3.29.5-57.1 libfreebl3-hmac >= 3.29.5-57.1 libfreebl3-hmac-32bit >= 3.29.5-57.1 libsoftokn3 >= 3.29.5-57.1 libsoftokn3-32bit >= 3.29.5-57.1 libsoftokn3-hmac >= 3.29.5-57.1 libsoftokn3-hmac-32bit >= 3.29.5-57.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nspr-32bit >= 4.13.1-18.1 mozilla-nspr-devel >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-32bit >= 3.29.5-57.1 mozilla-nss-certs >= 3.29.5-57.1 mozilla-nss-certs-32bit >= 3.29.5-57.1 mozilla-nss-devel >= 3.29.5-57.1 mozilla-nss-sysinit >= 3.29.5-57.1 mozilla-nss-sysinit-32bit >= 3.29.5-57.1 mozilla-nss-tools >= 3.29.5-57.1	Patchnames: SUSE-SLE-SERVER-12-2017-748
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-translations >= 45.9.0esr-105.1 java-1_8_0-openjdk >= 1.8.0.121-23.4 java-1_8_0-openjdk-demo >= 1.8.0.121-23.4 java-1_8_0-openjdk-devel >= 1.8.0.121-23.4 java-1_8_0-openjdk-headless >= 1.8.0.121-23.4 libfreebl3 >= 3.29.5-57.1 libfreebl3-hmac >= 3.29.5-57.1 libsoftokn3 >= 3.29.5-57.1 libsoftokn3-hmac >= 3.29.5-57.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-certs >= 3.29.5-57.1 mozilla-nss-sysinit >= 3.29.5-57.1 mozilla-nss-tools >= 3.29.5-57.1	Patchnames: SUSE-SLE-RPI-12-SP2-2017-748
SUSE Linux Enterprise Software Development Kit 11 SP4	MozillaFirefox >= 45.9.0esr-71.2 MozillaFirefox-devel >= 45.9.0esr-71.2 mozilla-nspr >= 4.13.1-32.1 mozilla-nspr-devel >= 4.13.1-32.1 mozilla-nss >= 3.29.5-46.1 mozilla-nss-devel >= 3.29.5-46.1	Patchnames: sdksp4-MozillaFirefox-13090
SUSE Linux Enterprise Software Development Kit 12 SP1	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-devel >= 45.9.0esr-105.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nspr-devel >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-devel >= 3.29.5-57.1	Patchnames: SUSE-SLE-SDK-12-SP1-2017-748
SUSE Linux Enterprise Software Development Kit 12 SP2	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-devel >= 45.9.0esr-105.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nspr-devel >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-devel >= 3.29.5-57.1	Patchnames: SUSE-SLE-SDK-12-SP2-2017-748
SUSE Linux Enterprise for SAP 12	MozillaFirefox >= 45.9.0esr-105.1 MozillaFirefox-devel >= 45.9.0esr-105.1 MozillaFirefox-translations >= 45.9.0esr-105.1 libfreebl3 >= 3.29.5-57.1 libfreebl3-32bit >= 3.29.5-57.1 libfreebl3-hmac >= 3.29.5-57.1 libfreebl3-hmac-32bit >= 3.29.5-57.1 libsoftokn3 >= 3.29.5-57.1 libsoftokn3-32bit >= 3.29.5-57.1 libsoftokn3-hmac >= 3.29.5-57.1 libsoftokn3-hmac-32bit >= 3.29.5-57.1 mozilla-nspr >= 4.13.1-18.1 mozilla-nspr-32bit >= 4.13.1-18.1 mozilla-nspr-devel >= 4.13.1-18.1 mozilla-nss >= 3.29.5-57.1 mozilla-nss-32bit >= 3.29.5-57.1 mozilla-nss-certs >= 3.29.5-57.1 mozilla-nss-certs-32bit >= 3.29.5-57.1 mozilla-nss-devel >= 3.29.5-57.1 mozilla-nss-sysinit >= 3.29.5-57.1 mozilla-nss-sysinit-32bit >= 3.29.5-57.1 mozilla-nss-tools >= 3.29.5-57.1	Patchnames: SUSE-SLE-SAP-12-2017-748
SUSE Manager 2.1	MozillaFirefox >= 45.9.0esr-71.2 MozillaFirefox-translations >= 45.9.0esr-71.2 libfreebl3 >= 3.29.5-46.1 libfreebl3-32bit >= 3.29.5-46.1 libsoftokn3 >= 3.29.5-46.1 libsoftokn3-32bit >= 3.29.5-46.1 mozilla-nspr >= 4.13.1-32.1 mozilla-nspr-32bit >= 4.13.1-32.1 mozilla-nss >= 3.29.5-46.1 mozilla-nss-32bit >= 3.29.5-46.1 mozilla-nss-tools >= 3.29.5-46.1	Patchnames: sleman21-MozillaFirefox-13090
SUSE Manager Proxy 2.1	MozillaFirefox >= 45.9.0esr-71.2 MozillaFirefox-translations >= 45.9.0esr-71.2 libfreebl3 >= 3.29.5-46.1 libfreebl3-32bit >= 3.29.5-46.1 libsoftokn3 >= 3.29.5-46.1 libsoftokn3-32bit >= 3.29.5-46.1 mozilla-nspr >= 4.13.1-32.1 mozilla-nspr-32bit >= 4.13.1-32.1 mozilla-nss >= 3.29.5-46.1 mozilla-nss-32bit >= 3.29.5-46.1 mozilla-nss-tools >= 3.29.5-46.1	Patchnames: slemap21-MozillaFirefox-13090
SUSE OpenStack Cloud 5	MozillaFirefox >= 45.9.0esr-71.2 MozillaFirefox-translations >= 45.9.0esr-71.2 libfreebl3 >= 3.29.5-46.1 libfreebl3-32bit >= 3.29.5-46.1 libsoftokn3 >= 3.29.5-46.1 libsoftokn3-32bit >= 3.29.5-46.1 mozilla-nspr >= 4.13.1-32.1 mozilla-nspr-32bit >= 4.13.1-32.1 mozilla-nss >= 3.29.5-46.1 mozilla-nss-32bit >= 3.29.5-46.1 mozilla-nss-tools >= 3.29.5-46.1	Patchnames: sleclo50sp3-MozillaFirefox-13090
openSUSE Leap 42.1	MozillaFirefox >= 52.1.0-61.1 MozillaFirefox-branding-upstream >= 52.1.0-61.1 MozillaFirefox-buildsymbols >= 52.1.0-61.1 MozillaFirefox-debuginfo >= 52.1.0-61.1 MozillaFirefox-debugsource >= 52.1.0-61.1 MozillaFirefox-devel >= 52.1.0-61.1 MozillaFirefox-translations-common >= 52.1.0-61.1 MozillaFirefox-translations-other >= 52.1.0-61.1 MozillaThunderbird >= 52.1.0-42.1 MozillaThunderbird-buildsymbols >= 52.1.0-42.1 MozillaThunderbird-debuginfo >= 52.1.0-42.1 MozillaThunderbird-debugsource >= 52.1.0-42.1 MozillaThunderbird-devel >= 52.1.0-42.1 MozillaThunderbird-translations-common >= 52.1.0-42.1 MozillaThunderbird-translations-other >= 52.1.0-42.1	Patchnames: openSUSE-2017-509 openSUSE-2017-545
openSUSE Leap 42.2	MozillaFirefox >= 52.1.0-57.6.1 MozillaFirefox-branding-upstream >= 52.1.0-57.6.1 MozillaFirefox-buildsymbols >= 52.1.0-57.6.1 MozillaFirefox-debuginfo >= 52.1.0-57.6.1 MozillaFirefox-debugsource >= 52.1.0-57.6.1 MozillaFirefox-devel >= 52.1.0-57.6.1 MozillaFirefox-translations-common >= 52.1.0-57.6.1 MozillaFirefox-translations-other >= 52.1.0-57.6.1 MozillaThunderbird >= 52.1.0-41.3.1 MozillaThunderbird-buildsymbols >= 52.1.0-41.3.1 MozillaThunderbird-debuginfo >= 52.1.0-41.3.1 MozillaThunderbird-debugsource >= 52.1.0-41.3.1 MozillaThunderbird-devel >= 52.1.0-41.3.1 MozillaThunderbird-translations-common >= 52.1.0-41.3.1 MozillaThunderbird-translations-other >= 52.1.0-41.3.1	Patchnames: openSUSE-2017-509 openSUSE-2017-545

List of packages in QA

Product(s)	Package(s)
SUSE Linux Enterprise Desktop 12 SP2	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-branding-SLE >= 52-31.1 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3
SUSE Linux Enterprise Server 12 SP1-LTSS	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-branding-SLE >= 52-31.1 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-devel >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3
SUSE Linux Enterprise Server 12 SP2	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-branding-SLE >= 52-31.1 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3
SUSE Linux Enterprise Server 12-LTSS	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-branding-SLE >= 52-31.1 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-devel >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-branding-SLE >= 52-31.1 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3
SUSE Linux Enterprise Software Development Kit 12 SP2	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-devel >= 52.2.0esr-108.3
SUSE Linux Enterprise for SAP 12	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-branding-SLE >= 52-31.1 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-devel >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3
SUSE Linux Enterprise for SAP 12 SP1	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-branding-SLE >= 52-31.1 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-devel >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3
SUSE OpenStack Cloud 6	MozillaFirefox >= 52.2.0esr-108.3 MozillaFirefox-branding-SLE >= 52-31.1 MozillaFirefox-debuginfo >= 52.2.0esr-108.3 MozillaFirefox-debugsource >= 52.2.0esr-108.3 MozillaFirefox-devel >= 52.2.0esr-108.3 MozillaFirefox-translations >= 52.2.0esr-108.3