firefox-78.4.0-1.0.1.el7.AXS7

エラータID: AXSA:2020-877:22

Release date: 
Monday, November 9, 2020 - 12:59
Subject: 
firefox-78.4.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 82 and Firefox ESR 78.4 (CVE-2020-15683)

* chromium-browser: Use after free in WebRTC (CVE-2020-15969)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-15683
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-15969
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2020-15683
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-15969
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-78.4.0-1.0.1.el7.AXS7.src.rpm
    MD5: 59466a2380795fe499672a1428fae183
    SHA-256: 9160794071ec27d9215abbe56851bc001032ccd4f640b0f6c5f8fe7f2470c3ee
    Size: 678.28 MB

Asianux Server 7 for x86_64
  1. firefox-78.4.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: fac7895f40ad2f260d90964446676862
    SHA-256: df2d86440851a2c93290e40db032f646f4eefbe80422b06996e235d8ff6e5e3e
    Size: 104.87 MB
  2. firefox-78.4.0-1.0.1.el7.AXS7.i686.rpm
    MD5: b75b919cc92661b3078f40af881ada91
    SHA-256: bd018537856751cee5d9e331bf3cd390f3c3905db4bc426ee93de4246f7026a6
    Size: 106.57 MB