Hello, ESR 45 is not affected. This is why we haven't done a new version.
The securityfocus url is incorrect, I guess it is a bug in their website (Mozilla Firefox 0.0.13 is being marked as affected when the new code was introduced 10 months ago with Firefox 49). Hope this helps, Sylvestre Le 21/03/2017 à 08:09, Schroth, Juergen a écrit : > > Hi > > > > According to > https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428 > and http://www.securityfocus.com/bid/96959/info and various other > sources Version 45.8 ESR is vulnerable to the security issue described > in CVE2017-5428. The only fix is an update to 52.0.1 ESR. > > > > According to > https://www.heise.de/security/meldung/Mozilla-reagiert-zuegig-auf-Firefox-Exploit-des-Hacker-Wettbewerbs-Pwn2Own-3658562.html > (sorry only German) Version 45.x ESR is *not *affected. > > (“ Firefox ESR 45.x and the tor browser based on it are not affected > by the vulnerability, according to Mozilla. The vulnerable > |createImageBitmap|-API is not used in ESR version” ). > > Who is right? And will there be a fix within the 45.x ESR branch, as > https://www.mozilla.org/en-US/firefox/organizations/faq/ states that > the 45.x branch will be supported until release of 52.2 ESR. > > > > > > Mit freundlichen Grüßen / Kind regards > > > > *Jürgen Schroth* > > Senior Service Professional, RfS Projectmanagement, IXOS Client Support > > > > Bechtle Onsite Services GmbH > > Bechtle Platz 1 > > 74172 Neckarsulm > > > > Telefon: +49 721 3714466 > > mobil: +49 151 52617344 > > E-Mail: [email protected] <mailto:[email protected]> > > > > Sitz Neckarsulm, Amtsgericht Stuttgart HRB 571713, > Ust-Id.Nr.DE203362620, Geschäftsführer Jörg Öynhausen, Alexander Köhler > > > > > > _______________________________________________ > Enterprise mailing list > [email protected] > https://mail.mozilla.org/listinfo/enterprise > > To unsubscribe from this list, please visit > https://mail.mozilla.org/listinfo/enterprise or send an email to > [email protected] with a subject of "unsubscribe"
_______________________________________________ Enterprise mailing list [email protected] https://mail.mozilla.org/listinfo/enterprise To unsubscribe from this list, please visit https://mail.mozilla.org/listinfo/enterprise or send an email to [email protected] with a subject of "unsubscribe"
