AXSA:2022-3199:13

Release date: 
Wednesday, June 1, 2022 - 13:37
Subject: 
firefox-91.9.1-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.9.1 ESR.

Security Fix(es):

* Mozilla: Untrusted input used in JavaScript object indexing, leading to prototype pollution (CVE-2022-1529)
* Mozilla: Prototype pollution in Top-Level Await implementation (CVE-2022-1802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-1529
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-1802
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-91.9.1-1.el8.ML.1.src.rpm
    MD5: 4eb5e81d521e66bf5ee525b1d2b09b62
    SHA-256: 31a7679849ceecf7e82166047313260a4f17c27dbad67fc214fa1a6ae8116767
    Size: 488.79 MB

Asianux Server 8 for x86_64
  1. firefox-91.9.1-1.el8.ML.1.x86_64.rpm
    MD5: a9c4d7b0acb35417bccc5df42689bc74
    SHA-256: 13c2584743ecc9aed99197518897dc03c221e2e3f9ccc0baf4535eaf256de4c3
    Size: 106.20 MB
Copyright 2007-2022 Cybertrust Japan Co., Ltd. All rights reserved.