firefox-78.4.0-1.0.1.el8_2
エラータID: AXSA:2020-890:23
リリース日:
2020/11/11 Wednesday - 08:42
題名:
firefox-78.4.0-1.0.1.el8_2
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefoxには、任意コード実行に繋がるメモリ破壊の脆弱性があります。(CVE-2020-15683)
- Firefoxには、巧妙に細工されたHTMLを通じて、リモートの攻撃者がメモリ破壊や
クラッシュを引き起こせるuse-after-free を起こす脆弱性があります。(CVE-2020-15969)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-15683
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-15969
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-78.4.0-1.0.1.el8_2.src.rpm
MD5: e33699823e1068a452bbbcf978baebd8
SHA-256: 020ac9d9c7a03efa6f4e2c5d5d0741e2adc7afbd150af9a64cbd7d1eafdd16da
Size: 678.29 MB
Asianux Server 8 for x86_64
- firefox-78.4.0-1.0.1.el8_2.x86_64.rpm
MD5: c8112dbffddf9d417b76a02ee1594500
SHA-256: 97c339fb1001d6f2cacd189b96a61b6c07e3c233d10fe94cf9006e557654d15b
Size: 104.87 MB
English