firefox-78.6.0-1.0.1.el7.AXS7

エラータID: AXSA:2020-1070:27

Release date: 
Friday, December 25, 2020 - 11:58
Subject: 
firefox-78.6.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.6.0 ESR.

Security Fix(es):

* chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)

* Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)

* Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)

* Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap use-after-free (CVE-2020-26974)

* Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6 (CVE-2020-35113)

* Mozilla: Internal network hosts could have been probed by a malicious webpage (CVE-2020-26978)

* Mozilla: The proxy.onRequest API did not catch view-source URLs (CVE-2020-35111)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-16042
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26971
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26973
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26974
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26978
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-35111
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-35113
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2020-16042
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26971
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26973
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26974
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26978
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-35111
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-35113
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-78.6.0-1.0.1.el7.AXS7.src.rpm
    MD5: 1ea66ca385e95fe60da6f1e28c636c76
    SHA-256: 83f51087caa578f12cc41e9139880125147a333d1d1bc9727168c95f6ca30636
    Size: 677.80 MB

Asianux Server 7 for x86_64
  1. firefox-78.6.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: e8b8dbef502f923512e9367d84edd401
    SHA-256: 45015449b9b3dc89edb5df79c882d1f71986714a3202ee2b081d5d4e92225a0d
    Size: 101.52 MB
  2. firefox-78.6.0-1.0.1.el7.AXS7.i686.rpm
    MD5: 42f1cfac3abbc6b6cd74d9b53659bd9b
    SHA-256: d7e131184938c1b75eea0f23461eba82a47ef46e4cd1ec5130178b31cbdb9f88
    Size: 103.20 MB