firefox-78.7.0-2.0.1.el7.AXS7

エラータID: AXSA:2021-1373:04

Release date: 
Wednesday, February 3, 2021 - 06:59
Subject: 
firefox-78.7.0-2.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 78.7.0 ESR.

Security Fix(es):

* Mozilla: Cross-origin information leakage via redirected PDF requests (CVE-2021-23953)

* Mozilla: Type confusion when using logical assignment operators in JavaScript switch statements (CVE-2021-23954)

* Mozilla: Memory safety bugs fixed in Firefox 85 and Firefox ESR 78.7 (CVE-2021-23964)

* Mozilla: HTTPS pages could have been intercepted by a registered service worker when they should not have been (CVE-2020-26976)

* Mozilla: Use-after-poison for incorrectly redeclared JavaScript variables during GC (CVE-2021-23960)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2020-26976
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
CVE-2021-23953
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23954
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23960
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23964
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-78.7.0-2.0.1.el7.AXS7.src.rpm
    MD5: a9f8c7923f6f24422821931bc983a209
    SHA-256: c0269c03acf82423347fa79840e8cf06036b2201259d455d2920d13d7492c69b
    Size: 672.81 MB

Asianux Server 7 for x86_64
  1. firefox-78.7.0-2.0.1.el7.AXS7.x86_64.rpm
    MD5: ea6b474455bc64c456c6d82039bd01cf
    SHA-256: b27e235c212edb37fdfe98ef75ff431bfd75fb3a085920ebe374d6c707f4f67e
    Size: 101.56 MB
  2. firefox-78.7.0-2.0.1.el7.AXS7.i686.rpm
    MD5: 126cfa3a5e6d9d2f225c443eceeb3ad1
    SHA-256: b4b90511ea6f94f42c7018619ff1c9d7b44e7c21269ec3c31740e5b459f7e865
    Size: 103.24 MB