firefox-91.9.0-1.0.1.el7.AXS7

エラータID: AXSA:2022-3176:11

Release date: 
Tuesday, May 10, 2022 - 05:38
Subject: 
firefox-91.9.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 91.9.0 ESR.

Security Fix(es):

Mozilla: Bypassing permission prompt in nested browsing contexts
(CVE-2022-29909)
Mozilla: iframe Sandbox bypass (CVE-2022-29911)
Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914)
Mozilla: Leaking browser history with CSS variables (CVE-2022-29916)
Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9
(CVE-2022-29917)
Mozilla: Reader mode bypassed SameSite cookies (CVE-2022-29912)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2022-29909
CVE-2022-29911
CVE-2022-29912
CVE-2022-29914
CVE-2022-29916
CVE-2022-29917

Solution: 

Update packages.

CVEs: 
CVE-2022-29909
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29911
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29912
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29914
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29916
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-29917
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-91.9.0-1.0.1.el7.AXS7.src.rpm
    MD5: 2e00cb3ce6e9edd34e08c4a137ef7284
    SHA-256: 82e7541c387e0be0e61ab26be909831f62e665cf86784a46cd39d7ed2399d928
    Size: 495.24 MB

Asianux Server 7 for x86_64
  1. firefox-91.9.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: f793951629309187d140b17e5ba85447
    SHA-256: b9ac4dbaa400faff14155169e98917a55ac18df8d304f6c3152899e4fa47ff77
    Size: 106.20 MB
  2. firefox-91.9.0-1.0.1.el7.AXS7.i686.rpm
    MD5: 631c4385e902953f335cfd14f363e840
    SHA-256: 4b0056cac629a08a25a062037df28fe88af227627ccbd4572884aff0e6a28967
    Size: 107.95 MB