firefox-91.6.0-1.0.1.el7.AXS7

エラータID: AXSA:2022-3070:05

Release date: 
Friday, February 18, 2022 - 04:52
Subject: 
firefox-91.6.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.6.0 ESR.

Security Fix(es):

* Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754)
* Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 (CVE-2022-22764)
* Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable (CVE-2022-22756)
* Mozilla: Sandboxed iframes could have executed script if the parent appended elements (CVE-2022-22759)
* Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types (CVE-2022-22760)
* Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages (CVE-2022-22761)
* Mozilla: Script Execution during invalid object state (CVE-2022-22763)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-22754
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22756
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22759
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22760
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22761
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22763
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22764
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2022-22754
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22756
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22759
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22760
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22761
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22763
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-22764
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-91.6.0-1.0.1.el7.AXS7.src.rpm
    MD5: 74dd91374718a23dfb9132fda380a9a7
    SHA-256: 99b1d8e963e59e578f819bf55011b0236eafd843daab243ba0831b901cb3c93b
    Size: 494.92 MB

Asianux Server 7 for x86_64
  1. firefox-91.6.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: e12c3fb76235126c22f9b4f1b0d77cf0
    SHA-256: c02dc808c21ae0957ff6d10f202f62443de70a229bf5cb98d934174dd600a730
    Size: 106.29 MB
  2. firefox-91.6.0-1.0.1.el7.AXS7.i686.rpm
    MD5: 6f1b4987736ff32b04cd51810b44edbd
    SHA-256: c61983a5b5370f146a181767e060a3aa26b036744a6b6fe3b513c60abdd1df98
    Size: 108.12 MB