firefox-78.7.0-2.0.1.AXS4

エラータID: AXSA:2021-1360:03

Release date: 
Tuesday, February 2, 2021 - 07:05
Subject: 
firefox-78.7.0-2.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.7.0 ESR.

Security Fix(es):

* Mozilla: Cross-origin information leakage via redirected PDF requests
(CVE-2021-23953)

* Mozilla: Type confusion when using logical assignment operators in
JavaScript switch statements (CVE-2021-23954)

* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7
(CVE-2021-23964)

* Mozilla: HTTPS pages could have been intercepted by a registered service
worker when they should not have been (CVE-2020-26976)

* Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables
during GC (CVE-2021-23960)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2020-26976
When a HTTPS pages was embedded in a HTTP page, and there was a service worker
registered for the former, the service worker could have intercepted the request
for the secure page despite the iframe not being a secure context due to the
(insecure) framing. This vulnerability affects Firefox < 84.
CVE-2021-23953
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23954
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23960
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23964
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2020-26976
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
CVE-2021-23953
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23954
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23960
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23964
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-78.7.0-2.0.1.AXS4.src.rpm
    MD5: f47f86dd090c18855eef5e6d36980dc9
    SHA-256: 3b8f1a422d8db158e9d46f3d2838fffd8e94cc9486de25399090267cce705512
    Size: 689.23 MB

Asianux Server 4 for x86
  1. firefox-78.7.0-2.0.1.AXS4.i686.rpm
    MD5: 97d2912fd0a316a943986b1c1e7707d2
    SHA-256: 34642fe380464a26e11b67516c905ea564d859c2d4b9a4dfcdf73d86050fe83f
    Size: 129.98 MB

Asianux Server 4 for x86_64
  1. firefox-78.7.0-2.0.1.AXS4.x86_64.rpm
    MD5: 60c978aacf2b01ed9061846e5969719c
    SHA-256: b3ab8bdf04c9e8280c0425ca834a7f890b1864f59cb6724c186b3bb8a2b057a0
    Size: 126.58 MB
  2. firefox-78.7.0-2.0.1.AXS4.i686.rpm
    MD5: 97d2912fd0a316a943986b1c1e7707d2
    SHA-256: 34642fe380464a26e11b67516c905ea564d859c2d4b9a4dfcdf73d86050fe83f
    Size: 129.98 MB