AXSA:2022-3202:14

Release date: 
Monday, June 6, 2022 - 06:22
Subject: 
firefox-91.10.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.10.0 ESR.

Security Fix(es):

* Mozilla: Cross-Origin resource's length leaked (CVE-2022-31736)
* Mozilla: Heap buffer overflow in WebGL (CVE-2022-31737)
* Mozilla: Browser window spoof using fullscreen mode (CVE-2022-31738)
* Mozilla: Register allocation problem in WASM on arm64 (CVE-2022-31740)
* Mozilla: Uninitialized variable leads to invalid memory read (CVE-2022-31741)
* Mozilla: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10 (CVE-2022-31747)
* Mozilla: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information (CVE-2022-31742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-31736
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-31737
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-31738
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-31740
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-31741
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-31742
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-31747
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-91.10.0-1.0.1.el7.AXS7.src.rpm
    MD5: 577d1bcd6cd1df35c1aca24429b56298
    SHA-256: 27a4d730f3906c182966827da28a2e6990195e72fe89f1640c4d755615ea6d11
    Size: 493.63 MB

Asianux Server 7 for x86_64
  1. firefox-91.10.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 02233ad68e0ea5cb503fdf0c04e50147
    SHA-256: 1d227ac1a4147a57c73a113e799b7c70cfded42da3cc8a1774a313474d3d2704
    Size: 106.22 MB
  2. firefox-91.10.0-1.0.1.el7.AXS7.i686.rpm
    MD5: d049c22464ffe1193495d745a7515c63
    SHA-256: 58570214ed29930b76e7ef9509ec7fd56468442196e3e2b30b4032862f187263
    Size: 107.97 MB
Copyright 2007-2022 Cybertrust Japan Co., Ltd. All rights reserved.