firefox-68.10.0-1.0.1.AXS4
Errata ID: AXSA:2020-213:15
Release date:
2020/07/10 Friday - 03:38
Title:
firefox-68.10.0-1.0.1.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
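The following issues have been addressed.
[Security Fix]
- Firefox has a vulnerability in which malicious JavaScript can trigger
an out-of-bounds read via a specially crafted URL object, leaking
process memory. (CVE-2020-12418)
- Firefox has a vulnerability in which a use-after-free can occur when
processing callbacks that happen during window flushing in the parent process,
which may lead to memory corruption and a potential crash. (CVE-2020-12419)
- Firefox has a vulnerability in which a race condition when connecting
to a STUN server causes a use-after-free of a pointer, leading to
memory corruption and a potential crash. (CVE-2020-12420)
- When performing add-on updates, Firefox rejects certificate chains
that do not terminate in a built-in root certificate (even if an
administrator legitimately added them), so add-ons can remain at an
outdated version without the user noticing. (CVE-2020-12421)
Some of the CVE translations are quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.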
CVE:
CVE-2020-12418
Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12419
When processing callbacks that occurred during window flushing in the parent process, the associated window may die; causing a use-after-free condition. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12420
When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12421
When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
Additional information:
N/A
Downloads:
SRPMS
- firefox-68.10.0-1.0.1.AXS4.src.rpm
MD5: 4f3725597db936c9c163c6d94e22d605
SHA-256: ba124e28eef19772f14b08dee4e6ac514173d1f9a2a50e48e6cc505ee3605ccd
Size: 506.49 MB
Asianux Server 4 for x86
- firefox-68.10.0-1.0.1.AXS4.i686.rpm
MD5: eb844f4afbf8122be2325393c1173d15
SHA-256: b94375a440b4c8e686f24f592498ecd68e6cbc6becf950507a6573a53de80ccb
Size: 118.45 MB
Asianux Server 4 for x86_64
- firefox-68.10.0-1.0.1.AXS4.x86_64.rpm
MD5: 35ca4ea0e9ce2e89612469a02ce92fe8
SHA-256: 8f8a86710e40cfc1ded67b20139b68d0094f55bbf1e1d4c7ef6f2ef2d0dd56af
Size: 118.54 MB
- firefox-68.10.0-1.0.1.AXS4.i686.rpm
MD5: eb844f4afbf8122be2325393c1173d15
SHA-256: b94375a440b4c8e686f24f592498ecd68e6cbc6becf950507a6573a53de80ccb
Size: 118.45 MB