firefox-91.9.0-1.el8.ML.1

エラータID: AXSA:2022-3174:10

Release date: 
Monday, May 9, 2022 - 20:22
Subject: 
firefox-91.9.0-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 91.9.0 ESR.

Security Fix(es):

Mozilla: Bypassing permission prompt in nested browsing contexts
(CVE-2022-29909)
Mozilla: iframe Sandbox bypass (CVE-2022-29911)
Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914)
Mozilla: Leaking browser history with CSS variables (CVE-2022-29916)
Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
(CVE-2022-29917)
Mozilla: Reader mode bypassed SameSite cookies (CVE-2022-29912)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2022-29909
CVE-2022-29911
CVE-2022-29912
CVE-2022-29914
CVE-2022-29916
CVE-2022-29917

Solution: 

Update packages.

CVEs: 
CVE-2022-29909
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29911
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29912
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29914
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29916
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29917
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-91.9.0-1.el8.ML.1.src.rpm
    MD5: 778b60691e94cf7cb84cc8b88259a261
    SHA-256: c0af35ba1cb07c5090b476676e24f6f14cd15127e71590a6be6ffe1707c19ac0
    Size: 495.24 MB

Asianux Server 8 for x86_64
  1. firefox-91.9.0-1.el8.ML.1.x86_64.rpm
    MD5: 7089895ce6467fe77e056c7c3940d770
    SHA-256: 8e997f8c03e35eb09747d8c2e58d7de9ce208d74b8b14658e069a2eb0d4052ab
    Size: 106.19 MB