firefox-78.7.0-2.0.1.el7.AXS7
エラータID: AXSA:2021-1373:04
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 78.7.0 ESR.
Security Fix(es):
* Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)
* Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954)
* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)
* Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976)
* Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2020-26976
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
CVE-2021-23953
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23954
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23960
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23964
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Update packages.
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
N/A
SRPMS
- firefox-78.7.0-2.0.1.el7.AXS7.src.rpm
MD5: a9f8c7923f6f24422821931bc983a209
SHA-256: c0269c03acf82423347fa79840e8cf06036b2201259d455d2920d13d7492c69b
Size: 672.81 MB
Asianux Server 7 for x86_64
- firefox-78.7.0-2.0.1.el7.AXS7.x86_64.rpm
MD5: ea6b474455bc64c456c6d82039bd01cf
SHA-256: b27e235c212edb37fdfe98ef75ff431bfd75fb3a085920ebe374d6c707f4f67e
Size: 101.56 MB - firefox-78.7.0-2.0.1.el7.AXS7.i686.rpm
MD5: 126cfa3a5e6d9d2f225c443eceeb3ad1
SHA-256: b4b90511ea6f94f42c7018619ff1c9d7b44e7c21269ec3c31740e5b459f7e865
Size: 103.24 MB
日本語