firefox-78.7.0-2.0.1.AXS4
エラータID: AXSA:2021-1360:03
リリース日:
2021/02/02 Tuesday - 07:05
題名:
firefox-78.7.0-2.0.1.AXS4
影響のあるチャネル:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Fifefoxには、HTTPページがHTTPSページに組み込まれている時、
サービスワーカーがセキュアなページのためのリクエストを、セキュアな
コンテキストに属していない(インセキュア)ページからも受け取って
しまう脆弱性があります。(CVE-2020-26976)
現時点では CVE-2021-23953, CVE-2021-23954, CVE-2021-23960,
CVE-2021-23964 の情報が公開されておりません。CVE の情報が公開
され次第情報をアップデートいたします。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-26976
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
CVE-2021-23953
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23954
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23960
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23964
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-78.7.0-2.0.1.AXS4.src.rpm
MD5: f47f86dd090c18855eef5e6d36980dc9
SHA-256: 3b8f1a422d8db158e9d46f3d2838fffd8e94cc9486de25399090267cce705512
Size: 689.23 MB
Asianux Server 4 for x86
- firefox-78.7.0-2.0.1.AXS4.i686.rpm
MD5: 97d2912fd0a316a943986b1c1e7707d2
SHA-256: 34642fe380464a26e11b67516c905ea564d859c2d4b9a4dfcdf73d86050fe83f
Size: 129.98 MB
Asianux Server 4 for x86_64
- firefox-78.7.0-2.0.1.AXS4.x86_64.rpm
MD5: 60c978aacf2b01ed9061846e5969719c
SHA-256: b3ab8bdf04c9e8280c0425ca834a7f890b1864f59cb6724c186b3bb8a2b057a0
Size: 126.58 MB - firefox-78.7.0-2.0.1.AXS4.i686.rpm
MD5: 97d2912fd0a316a943986b1c1e7707d2
SHA-256: 34642fe380464a26e11b67516c905ea564d859c2d4b9a4dfcdf73d86050fe83f
Size: 129.98 MB
English