firefox-102.4.0-1.0.1.el7.AXS7
エラータID: AXSA:2022-3911:27
リリース日:
2022/10/24 Monday - 01:12
題名:
firefox-102.4.0-1.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefox および Thunderbird には、同一オリジンポリシー違反に
より、クロスオリジンの URL エントリが盗まれる問題があるため、
performance.getEntries() を介して、リダイレクト結果の漏洩を可能
とする脆弱性が存在します。(CVE-2022-42927)
- Firefox および Thunderbird には、ガベージコレクターが特定の
状態下にある場合でのアノテーションが欠落している特定のタイプ
の割り当てに問題があるため、リモートの攻撃者により、メモリ
破壊やクラッシュに起因するサービス拒否攻撃を可能とする脆弱性
が存在します。(CVE-2022-42928)
- Firefox および Thunderbird には、リモートの攻撃者により、Web
サイトから特定の方法で window.print() を呼び出すことを介して、
サービス拒否攻撃を可能とする脆弱性が存在します。(CVE-2022-42929)
- Firefox および Thunderbird には、メモリ破壊の問題があるため、
リモートの攻撃者により、任意のコード実行を可能とする脆弱性
が存在します。(CVE-2022-42932)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-42927
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42928
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42929
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-42932
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-102.4.0-1.0.1.el7.AXS7.src.rpm
MD5: 32f2f9dd3fa5db44d7ee2cdc6f94a80c
SHA-256: 6ca08d2c55fdc31a04ccd6944d9961ddddd0332697c0d81f54a8d2fca47e1bae
Size: 592.99 MB
Asianux Server 7 for x86_64
- firefox-102.4.0-1.0.1.el7.AXS7.x86_64.rpm
MD5: 54a7e3f6cfb002b798d1847e6c3b9231
SHA-256: 029b8d882fa405974b5c58466128a56ab3210af6c31731ed184aa1df32ace6dc
Size: 108.44 MB - firefox-102.4.0-1.0.1.el7.AXS7.i686.rpm
MD5: 7a953eb099fa6d40c927058ddb76a4db
SHA-256: ec9906443761be882b97d6fcdd3a3f9b3e17c710f55b2b61e1c67a6609a6f481
Size: 111.80 MB