firefox-102.4.0-1.0.1.el7.AXS7

エラータID: AXSA:2022-3911:27

Release date: 
Monday, October 24, 2022 - 01:12
Subject: 
firefox-102.4.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.4.0 ESR.

Security Fix(es):

* Mozilla: Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927)
* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)
* Mozilla: Denial of Service via window.print (CVE-2022-42929)
* Mozilla: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-42927
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42928
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42929
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42932
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2022-42927
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42928
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42929
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42932
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-102.4.0-1.0.1.el7.AXS7.src.rpm
    MD5: 32f2f9dd3fa5db44d7ee2cdc6f94a80c
    SHA-256: 6ca08d2c55fdc31a04ccd6944d9961ddddd0332697c0d81f54a8d2fca47e1bae
    Size: 592.99 MB

Asianux Server 7 for x86_64
  1. firefox-102.4.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 54a7e3f6cfb002b798d1847e6c3b9231
    SHA-256: 029b8d882fa405974b5c58466128a56ab3210af6c31731ed184aa1df32ace6dc
    Size: 108.44 MB
  2. firefox-102.4.0-1.0.1.el7.AXS7.i686.rpm
    MD5: 7a953eb099fa6d40c927058ddb76a4db
    SHA-256: ec9906443761be882b97d6fcdd3a3f9b3e17c710f55b2b61e1c67a6609a6f481
    Size: 111.80 MB