firefox-78.9.0-1.0.1.AXS4

エラータID: AXSA:2021-1623:10

Release date: 
Tuesday, March 30, 2021 - 12:36
Subject: 
firefox-78.9.0-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.9.0 ESR.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)
* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)
* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)
* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-23981
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23982
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23984
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23987
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2021-23981
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23982
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23984
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23987
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-78.9.0-1.0.1.AXS4.src.rpm
    MD5: 99fb55b74fac65e1c9a5ec8b29abc427
    SHA-256: 593a103417f623d5804300c82b59c53156620e1aeed6738ae8bdc2e22a708e65
    Size: 689.11 MB

Asianux Server 4 for x86
  1. firefox-78.9.0-1.0.1.AXS4.i686.rpm
    MD5: 21ed9085e485bced425d7daa3e82e3fc
    SHA-256: fec494097805c9d3948c0a4b10fa8055451ada714530b41bc2744a765d0e87eb
    Size: 130.17 MB

Asianux Server 4 for x86_64
  1. firefox-78.9.0-1.0.1.AXS4.x86_64.rpm
    MD5: fc69a00e0b423d08eeecbef4e86ff574
    SHA-256: 7ae3c1231564980a7c9798960a8b1be8f3b505c870722651761902af765fa22e
    Size: 126.73 MB
  2. firefox-78.9.0-1.0.1.AXS4.i686.rpm
    MD5: 21ed9085e485bced425d7daa3e82e3fc
    SHA-256: fec494097805c9d3948c0a4b10fa8055451ada714530b41bc2744a765d0e87eb
    Size: 130.17 MB