firefox-68.11.0-1.0.1.el7.AXS7

エラータID: AXSA:2020-256:17

Release date: 
Wednesday, August 5, 2020 - 04:40
Subject: 
firefox-68.11.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 68.11.0 ESR.

Security Fix(es):

* chromium-browser: Use after free in ANGLE (CVE-2020-6463)

* chromium-browser: Inappropriate implementation in WebRTC (CVE-2020-6514)

* Mozilla: Potential leak of redirect targets when loading scripts in a worker (CVE-2020-15652)

* Mozilla: Memory safety bugs fixed in Firefox 79 and Firefox ESR 68.11 (CVE-2020-15659)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-15652
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-15659
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-6463
Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-6514
Inappropriate implementation in WebRTC in Google Chrome prior to 84.0.4147.89 allowed an attacker in a privileged network position to potentially exploit heap corruption via a crafted SCTP stream.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-68.11.0-1.0.1.el7.AXS7.src.rpm
    MD5: a0de3b0debbe7cafe8b15afef7b40585
    SHA-256: 67c480bdb31b564b0447117fe0a1a3c56efc6524aac95c59804e0e7ffe89294f
    Size: 512.96 MB

Asianux Server 7 for x86_64
  1. firefox-68.11.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 22a2ccc60e002f11bc48b73925513266
    SHA-256: ba641a49c2f4bf6e52200c322770af9c46ffb94b0917be140497d984ca9aabfb
    Size: 94.52 MB
  2. firefox-68.11.0-1.0.1.el7.AXS7.i686.rpm
    MD5: d9945263f09006158eb664d8f5fd4ec9
    SHA-256: 6833918cbe4aed13a1713892ac8501b9e962f25d765930a8653fc748841d6fe0
    Size: 97.36 MB