firefox-115.7.0-1.0.1.el7.AXS7

エラータID: AXSA:2024-7492:05

Release date: 
Wednesday, January 31, 2024 - 18:39
Subject: 
firefox-115.7.0-1.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.7.0 ESR.

Security Fix(es):

* Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
* Mozilla: Failure to update user input timestamp (CVE-2024-0742)
* Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
* Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
* Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
* Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
* Mozilla: Privilege escalation through devtools (CVE-2024-0751)
* Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
* Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-0741
An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0742
It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0746
A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0747
When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0749
A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0750
A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0751
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0753
In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2024-0755
Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-115.7.0-1.0.1.el7.AXS7.src.rpm
    MD5: 1e849ab3ecd65c92edb6317d30c5e711
    SHA-256: 2c3d7dc330ff910d2ee98d46ab13d179516f2e0e71d801359eef60fd92861281
    Size: 705.82 MB

Asianux Server 7 for x86_64
  1. firefox-115.7.0-1.0.1.el7.AXS7.i686.rpm
    MD5: 22708a513d94204e509d2c08ced76887
    SHA-256: a2e67b4be4775767c2ae180fe7034725cee21873bd46250a8649f5f8204bb8e8
    Size: 118.77 MB
  2. firefox-115.7.0-1.0.1.el7.AXS7.x86_64.rpm
    MD5: 8f5b96311c47c4f9a6d480f616026a05
    SHA-256: d93af6ac4b609ce2d02e62d4be6d8363bc35f7ce8b7742ef945362b137ee3e8e
    Size: 115.08 MB