firefox-102.15.0-1.0.1.el7.AXS7
エラータID: AXSA:2023-6392:33
リリース日:
2023/09/08 Friday - 09:24
題名:
firefox-102.15.0-1.0.1.el7.AXS7
影響のあるチャネル:
Asianux Server 7 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Firefox には、ファイルを開くためのダイアログによって全画面
通知が隠蔽されてしまう問題があるため、リモートの攻撃者により、
なりすまし攻撃を可能とする脆弱性が存在します。(CVE-2023-4051)
- Firefox には、全画面通知が隠蔽されてしまう問題があるため、
リモートの攻撃者により、mailto など外部のプログラムによって
処理されるスキームを含む細工された URL を介して、なりすまし
攻撃を可能とする脆弱性が存在します。(CVE-2023-4053)
現時点では下記の CVE の情報が公開されておりません。
CVE の情報が公開され次第情報をアップデートいたします。
CVE-2023-4573
CVE-2023-4574
CVE-2023-4575
CVE-2023-4577
CVE-2023-4578
CVE-2023-4580
CVE-2023-4581
CVE-2023-4583
CVE-2023-4584
CVE-2023-4585
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-4051
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
CVE-2023-4053
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
CVE-2023-4573
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4574
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4575
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4577
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4578
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4580
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4581
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4583
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4584
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4585
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
追加情報:
N/A
ダウンロード:
SRPMS
- firefox-102.15.0-1.0.1.el7.AXS7.src.rpm
MD5: 121f70ae4d16430b4956e01debad68b0
SHA-256: d4d90eb567f38bb781a0bacd3e3f3d064bfb8a79bdbb6e5fc29c599fe7ca6e01
Size: 595.06 MB
Asianux Server 7 for x86_64
- firefox-102.15.0-1.0.1.el7.AXS7.i686.rpm
MD5: 19161a3a4bfe8cd37ba48406ab7feed1
SHA-256: b597dfc842c4b1205b98b3cc44feef4107511f95161ea4c9d51c5928b7fc78d7
Size: 113.16 MB - firefox-102.15.0-1.0.1.el7.AXS7.x86_64.rpm
MD5: bbbe3a508832282f864d4eea002b1b1c
SHA-256: 690b96b4fc2cd73121580211524363bffce30fceb064de2ad3cda9defff265fb
Size: 109.77 MB