firefox-91.4.0-1.el8.ML.1

エラータID: AXSA:2022-2971:02

Release date: 
Sunday, January 16, 2022 - 12:52
Subject: 
firefox-91.4.0-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.4.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
* Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)
* Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)
* Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)
* Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)
* Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)
* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)
* Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)
* Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)
* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-43536
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43537
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95
CVE-2021-43538
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43539
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43541
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43542
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43543
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43545
Using the Location API in a loop could have caused severe application hangs and crashes. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
CVE-2021-43546
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-91.4.0-1.el8.ML.1.src.rpm
    MD5: 042e78cda0c15515fb4efcc46a4079f2
    SHA-256: d72b766390956976e5b8d8ae4671e695ab5098ccd7b2f2abdbe23d9df12d874b
    Size: 495.66 MB

Asianux Server 8 for x86_64
  1. firefox-91.4.0-1.el8.ML.1.x86_64.rpm
    MD5: 7df78b5ad0b31d3588c62b8cdfcdf82b
    SHA-256: 69c5cca46a8f0ce6eb2155363092cb1c0e86fad65fc016b95c1b1787b8c37fbd
    Size: 105.97 MB