firefox-78.10.0-1.0.1.AXS4

エラータID: AXSA:2021-1731:12

Release date: 
Friday, April 30, 2021 - 09:06
Subject: 
firefox-78.10.0-1.0.1.AXS4
Affected Channels: 
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.10.0 ESR.

Security Fix(es):

* Mozilla: Out of bound write due to lazy initialization (CVE-2021-23994)
* Mozilla: Use-after-free in Responsive Design Mode (CVE-2021-23995)
* Mozilla: More internal network hosts could have been probed by a malicious
webpage (CVE-2021-23961)
* Mozilla: Secure Lock icon could have been spoofed (CVE-2021-23998)
* Mozilla: Blob URLs may have been granted additional privileges
(CVE-2021-23999)
* Mozilla: Arbitrary FTP command execution on FTP servers using an encoded URL
(CVE-2021-24002)
* Mozilla: Incorrect size computation in WebAssembly JIT could lead to
null-reads (CVE-2021-29945)
* Mozilla: Port blocking could be bypassed (CVE-2021-29946)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-23961
Further techniques that built on the slipstream research combined with a
malicious webpage could have exposed both an internal network's hosts as well as
services running on the user's local machine. This vulnerability affects Firefox
< 85.
CVE-2021-23994
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23995
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23998
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-23999
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-24002
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-29945
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2021-29946
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2021-23961
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox < 85.
CVE-2021-23994
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23995
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23998
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23999
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-24002
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-29945
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-29946
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-78.10.0-1.0.1.AXS4.src.rpm
    MD5: 985a915e3cb4fd4e10f8f4a704f0367d
    SHA-256: 44129051472471e55189bc6a7617e93c2026260b343967a6199b65eafc06d2e9
    Size: 690.95 MB

Asianux Server 4 for x86
  1. firefox-78.10.0-1.0.1.AXS4.i686.rpm
    MD5: 371354f1918abea86594ef20aff9fb1a
    SHA-256: 26ca0f9ac3336448ddeb1552cf249684a17bbf259147d0af4ae080b9e3f4b2ae
    Size: 130.21 MB

Asianux Server 4 for x86_64
  1. firefox-78.10.0-1.0.1.AXS4.x86_64.rpm
    MD5: f75287a8053c6d45ab7457345db46070
    SHA-256: 975efbfc8db630dee1dfbc58ea9e8a7ff441b6f47e27bf99df65d595c9f7a050
    Size: 126.77 MB
  2. firefox-78.10.0-1.0.1.AXS4.i686.rpm
    MD5: 371354f1918abea86594ef20aff9fb1a
    SHA-256: 26ca0f9ac3336448ddeb1552cf249684a17bbf259147d0af4ae080b9e3f4b2ae
    Size: 130.21 MB