firefox-91.8.0-1.el8.ML.1
エラータID: AXSA:2022-3145:09
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 91.8.0 ESR.
Security Fix(es):
Mozilla: Use-after-free in NSSToken objects (CVE-2022-1097)
Mozilla: Out of bounds write due to unexpected WebAuthN Extensions
(CVE-2022-28281)
Mozilla: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8
(CVE-2022-28289)
Mozilla: Use-after-free after VR Process destruction (CVE-2022-1196)
Mozilla: Use-after-free in DocumentL10n::TranslateDocument (CVE-2022-28282)
Mozilla: Incorrect AliasSet used in JIT Codegen (CVE-2022-28285)
Mozilla: Denial of Service via complex regular expressions (CVE-2022-24713)
Mozilla: iframe contents could be rendered outside the border
(CVE-2022-28286)
CVE(s):
CVE-2022-1097
CVE-2022-1196
CVE-2022-24713
CVE-2022-28281
CVE-2022-28282
CVE-2022-28285
CVE-2022-28286
CVE-2022-28289
Update packages.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
N/A
SRPMS
- firefox-91.8.0-1.el8.ML.1.src.rpm
MD5: 511146114a53c97c996ec01ec3606e97
SHA-256: ebd3cdfa4ddb7b79ae75064c7250a1efe0e1f888bb14fc6c01c416d6e974bfe4
Size: 495.18 MB
Asianux Server 8 for x86_64
- firefox-91.8.0-1.el8.ML.1.x86_64.rpm
MD5: 67140cdad378fdb051e0b1626a36df9d
SHA-256: 4ba7c77bac8e2bd1218e6ba39afa85d263efa7b7b227d4d2b4d793d7bb93d0da
Size: 106.19 MB