firefox-102.15.0-1.el9.ML.1
エラータID: AXSA:2023-6389:32
リリース日:
2023/09/07 Thursday - 09:39
題名:
firefox-102.15.0-1.el9.ML.1
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefox には、ファイルを開くためのダイアログによって全画面
通知が隠蔽されてしまう問題があるため、リモートの攻撃者により、
なりすまし攻撃を可能とする脆弱性が存在します。(CVE-2023-4051)
- Firefox には、全画面通知が隠蔽されてしまう問題があるため、
リモートの攻撃者により、mailto など外部のプログラムによって
処理されるスキームを含む細工された URL を介して、なりすまし
攻撃を可能とする脆弱性が存在します。(CVE-2023-4053)
現時点では下記の CVE の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
CVE-2023-4573
CVE-2023-4574
CVE-2023-4575
CVE-2023-4577
CVE-2023-4578
CVE-2023-4580
CVE-2023-4581
CVE-2023-4583
CVE-2023-4584
CVE-2023-4585
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-4051
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
CVE-2023-4053
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
CVE-2023-4573
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4574
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4575
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4577
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4578
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4580
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4581
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4583
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4584
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4585
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-102.15.0-1.el9.ML.1.src.rpm
MD5: 77dfada9383f5127b157bc2f703710ba
SHA-256: 5838aeb6b75c5a526a4b3f80f41ffc44259121457e21bdf016e4f79ce0e115a0
Size: 595.06 MB
Asianux Server 9 for x86_64
- firefox-102.15.0-1.el9.ML.1.x86_64.rpm
MD5: f8f531ec045e5736b38663851362ca62
SHA-256: b5a895dcecf166f6d2efa10ac1ffd156c6a34294477e0db2fc24e61d3137fbf3
Size: 107.09 MB - firefox-x11-102.15.0-1.el9.ML.1.x86_64.rpm
MD5: 080aae58bcecc8f446cb6c82bf43627b
SHA-256: 2c192d8a755dc772cdcadc47a0cd04f6a56b737cae59db23a73fcd2b1dd2c190
Size: 14.49 kB
English