firefox-78.6.0-1.0.1.AXS4

エラータID: AXSA:2020-1071:28

リリース日: 
2020/12/25 Friday - 13:35
題名: 
firefox-78.6.0-1.0.1.AXS4
影響のあるチャネル: 
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 78.6.0 ESR.

Security Fix(es):

* chromium-browser: Uninitialized Use in V8 (CVE-2020-16042)

* Mozilla: Heap buffer overflow in WebGL (CVE-2020-26971)

* Mozilla: CSS Sanitizer performed incorrect sanitization (CVE-2020-26973)

* Mozilla: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free (CVE-2020-26974)

* Mozilla: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
(CVE-2020-35113)

* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2020-26978)

* Mozilla: The proxy.onRequest API did not catch view-source URLs
(CVE-2020-35111)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2020-16042
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-26971
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-26973
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-26974
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-26978
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-35111
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-35113
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.

解決策: 

Update packages.

CVE: 
CVE-2020-16042
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26971
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26973
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26974
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-26978
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-35111
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2020-35113
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. firefox-78.6.0-1.0.1.AXS4.src.rpm
    MD5: 0e3dd3190726129cb9e1d140cb4c3a2f
    SHA-256: 26daf6abe4b9a66ac773a9fd076b25d257538a6c7590132399526a32f0b8c9d0
    Size: 694.22 MB

Asianux Server 4 for x86
  1. firefox-78.6.0-1.0.1.AXS4.i686.rpm
    MD5: ab2ec3e8c9dbb4d1361fba86076802c5
    SHA-256: 82fd2c017da70ceb136d1f5a6d311d5daecc64c20c4dde78126640c93255d676
    Size: 129.94 MB

Asianux Server 4 for x86_64
  1. firefox-78.6.0-1.0.1.AXS4.x86_64.rpm
    MD5: 74b8c2e7a51e674c70f9c442be0d5770
    SHA-256: 954a316c14e8a2beb7306e0563f12de3fcd7425d952c116c656c14a02e164fe4
    Size: 126.53 MB
  2. firefox-78.6.0-1.0.1.AXS4.i686.rpm
    MD5: ab2ec3e8c9dbb4d1361fba86076802c5
    SHA-256: 82fd2c017da70ceb136d1f5a6d311d5daecc64c20c4dde78126640c93255d676
    Size: 129.94 MB