firefox-102.11.0-2.0.1.el7.AXS7

エラータID: AXSA:2023-5464:18

Release date: 
Tuesday, May 23, 2023 - 02:55
Subject: 
firefox-102.11.0-2.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.11.0 ESR.

Security Fix(es):

* Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205)
* Mozilla: Crash in RLBox Expat driver (CVE-2023-32206)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-32207)
* Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215)
* Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211)
* Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212)
* Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-32205
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32206
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32207
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32211
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32212
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32213
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32215
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

CVEs: 
CVE-2023-32205
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32206
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32207
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32211
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32212
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32213
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-32215
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-102.11.0-2.0.1.el7.AXS7.src.rpm
    MD5: 775e05afef658ca8d162cac4bb2ce8bd
    SHA-256: 54cbdac8336c30dda319f7a7c6387eb10b05cc58ef2a39a2d5a9e8b9cf48731e
    Size: 594.97 MB

Asianux Server 7 for x86_64
  1. firefox-102.11.0-2.0.1.el7.AXS7.i686.rpm
    MD5: 0342ae93c99f0db8250770bc4d6d0f3c
    SHA-256: 7a29d1f8d3f7f4f7024c911443a5d67e6bb1dce52be3af84661b5f3c96d6386e
    Size: 113.09 MB
  2. firefox-102.11.0-2.0.1.el7.AXS7.x86_64.rpm
    MD5: a6231282e8f59416664a22e931001130
    SHA-256: ffa411241e82923a04958f8fe7d192d41c9c072732d1a2bc094f126d2a472e70
    Size: 109.71 MB