firefox-91.12.0-2.0.1.el7.AXS7

エラータID: AXSA:2022-3637:16

Release date: 
Wednesday, August 3, 2022 - 01:45
Subject: 
firefox-91.12.0-2.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.12.0 ESR.

Security Fix(es):

* Mozilla: Memory safety bugs fixed in Firefox 103 and 102.1 (CVE-2022-2505)
* Mozilla: Directory indexes for bundled resources reflected URL parameters (CVE-2022-36318)
* Mozilla: Mouse Position spoofing with CSS transforms (CVE-2022-36319)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-2505
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-36318
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-36319
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2022-2505
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-36318
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-36319
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-91.12.0-2.0.1.el7.AXS7.src.rpm
    MD5: 1fb18126011f3389bda89743b49d36b2
    SHA-256: c54f138138ef1b2ccdb27f74c68ce79ab69b3d15b3797a9138703bbd03d7a96f
    Size: 493.64 MB

Asianux Server 7 for x86_64
  1. firefox-91.12.0-2.0.1.el7.AXS7.x86_64.rpm
    MD5: 8b8c8ebc24fc9760a9f2e80e4907c6be
    SHA-256: 81b2489a848c13c9f05b3fbb42c8388fd2c51a99ee614bec63a9605fb5d70c06
    Size: 106.23 MB
  2. firefox-91.12.0-2.0.1.el7.AXS7.i686.rpm
    MD5: 871de0a6134e6ad320cd82529b4d9d89
    SHA-256: b92d9e450b129fa160db9eb57302bdcd05cb919fb577922bfb840c23d56df311
    Size: 107.99 MB