firefox-78.7.0-2.0.1.el7.AXS7
エラータID: AXSA:2021-1373:04
リリース日:
2021/02/03 Wednesday - 06:59
題名:
firefox-78.7.0-2.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Fifefoxには、HTTPページがHTTPSページに組み込まれている時、
サービスワーカーがセキュアなページのためのリクエストを、セキュアな
コンテキストに属していない(インセキュア)ページからも受け取って
しまう脆弱性があります。(CVE-2020-26976)
現時点では CVE-2021-23953, CVE-2021-23954, CVE-2021-23960,
CVE-2021-23964 の情報が公開されておりません。CVE の情報が公開
され次第情報をアップデートいたします。
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2020-26976
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
When a HTTPS pages was embedded in a HTTP page, and there was a service worker registered for the former, the service worker could have intercepted the request for the secure page despite the iframe not being a secure context due to the (insecure) framing. This vulnerability affects Firefox < 84.
CVE-2021-23953
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23954
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23960
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-23964
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-78.7.0-2.0.1.el7.AXS7.src.rpm
MD5: a9f8c7923f6f24422821931bc983a209
SHA-256: c0269c03acf82423347fa79840e8cf06036b2201259d455d2920d13d7492c69b
Size: 672.81 MB
Asianux Server 7 for x86_64
- firefox-78.7.0-2.0.1.el7.AXS7.x86_64.rpm
MD5: ea6b474455bc64c456c6d82039bd01cf
SHA-256: b27e235c212edb37fdfe98ef75ff431bfd75fb3a085920ebe374d6c707f4f67e
Size: 101.56 MB - firefox-78.7.0-2.0.1.el7.AXS7.i686.rpm
MD5: 126cfa3a5e6d9d2f225c443eceeb3ad1
SHA-256: b4b90511ea6f94f42c7018619ff1c9d7b44e7c21269ec3c31740e5b459f7e865
Size: 103.24 MB
English