firefox-102.3.0-7.el9.ML.1

エラータID: AXSA:2022-4119:36

Release date: 
Thursday, November 24, 2022 - 06:24
Subject: 
firefox-102.3.0-7.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* expat: a use-after-free in the doContent function in xmlparse.c (CVE-2022-40674)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2022-40674
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

Solution: 

Update packages.

CVEs: 
CVE-2022-40674
libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-102.3.0-7.el9.ML.1.src.rpm
    MD5: ba798eeac2c42c99994b3ded21cbb107
    SHA-256: c6617bacb2b0cbb5ae9840da5a97ca7485aacd9d4435b01a485e97ac3827f2c9
    Size: 589.36 MB

Asianux Server 9 for x86_64
  1. firefox-102.3.0-7.el9.ML.1.x86_64.rpm
    MD5: c4467975b54285675d668cc543edf18e
    SHA-256: b827b8cb1a7a86da4ded17923abd2dc8f058591d14332a290c7e124528e4e236
    Size: 105.81 MB