firefox-102.4.0-1.el8.ML.1

エラータID: AXSA:2022-3915:28

Release date: 
Tuesday, October 25, 2022 - 08:10
Subject: 
firefox-102.4.0-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.4.0 ESR.

Security Fix(es):

* Mozilla: Same-origin policy violation could have leaked cross-origin URLs (CVE-2022-42927)
* Mozilla: Memory Corruption in JS Engine (CVE-2022-42928)
* Mozilla: Denial of Service via window.print (CVE-2022-42929)
* Mozilla: Memory safety bugs fixed in Firefox 106 and Firefox ESR 102.4 (CVE-2022-42932)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-42927
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42928
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42929
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42932
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2022-42927
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42928
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42929
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42932
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-102.4.0-1.el8.ML.1.src.rpm
    MD5: 3befd8a6dee282cab39c080faccfab44
    SHA-256: c8fb9b3b72067e69dd056360e9e28edcecc269673f0660d21d427cd5df8c058d
    Size: 592.99 MB

Asianux Server 8 for x86_64
  1. firefox-102.4.0-1.el8.ML.1.x86_64.rpm
    MD5: 0eb3b5293b8b6d20f306cae07b4b0a29
    SHA-256: 0fe3f71d6a45d5c37a36b9c7f7ecefc12a2c4f100646bd9c15ded42c2df7e547
    Size: 108.31 MB