[ALSA-2022:6174] firefox security update
firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 91.13.0 ESR.
Security Fix(es):
* Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472)
* Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473)
* Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477)
* Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 (CVE-2022-38478)
* Mozilla: Data race and potential use-after-free in PK11_ChangePW (CVE-2022-38476)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-9.0
|
< 91.13.0-1.el9_0.alma |
|
pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-9.0
|
< 91.13.0-1.el9_0.alma |
- ID
- ALSA-2022:6174
- Severity
- important
- URL
- https://errata.almalinux.org/ALSA-2022:6174.html
- Published
-
2022-08-24T00:00:00
(2 years ago) - Modified
-
2022-08-30T14:56:43
(2 years ago) - Rights
- Copyright 2022 AlmaLinux OS
- Other Advisories
-
-
ALAS2-2022-1855
-
ALPINE:CVE-2022-38472
-
ALPINE:CVE-2022-38473
-
ALPINE:CVE-2022-38476
-
ALPINE:CVE-2022-38477
-
ALPINE:CVE-2022-38478
-
ALSA-2022:6164
-
ALSA-2022:6165
-
ALSA-2022:6175
-
DSA-5217-1
-
DSA-5221-1
-
ELSA-2022-6164
-
ELSA-2022-6165
-
ELSA-2022-6169
-
ELSA-2022-6174
-
ELSA-2022-6175
-
ELSA-2022-6179
-
GLSA-202208-37
-
GLSA-202208-38
-
MFSA-2022-33
-
MFSA-2022-34
-
MFSA-2022-35
-
MFSA-2022-36
-
MFSA-2022-37
-
RHSA-2022:6164
-
RHSA-2022:6165
-
RHSA-2022:6169
-
RHSA-2022:6174
-
RHSA-2022:6175
-
RHSA-2022:6179
-
RLSA-2022:6164
-
RLSA-2022:6175
-
SSA:2022-235-02
-
SSA:2022-235-03
-
SUSE-SU-2022:2984-1
-
SUSE-SU-2022:3007-1
-
SUSE-SU-2022:3030-1
-
SUSE-SU-2022:3272-1
-
SUSE-SU-2022:3273-1
-
SUSE-SU-2022:3281-1
-
SUSE-SU-2022:3396-1
-
USN-5581-1
-
USN-5663-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| RHSA | RHSA-2022:6174 |
|
|
| CVE | CVE-2022-38472 |
|
|
| CVE | CVE-2022-38473 |
|
|
| CVE | CVE-2022-38476 |
|
|
| CVE | CVE-2022-38477 |
|
|
| CVE | CVE-2022-38478 |
|
|
| Bugzilla | 2120673 |
|
|
| Bugzilla | 2120674 |
|
|
| Bugzilla | 2120678 |
|
|
| Bugzilla | 2120695 |
|
|
| Bugzilla | 2120696 |
|
|
| Self | ALSA-2022:6174 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-9.0 | almalinux |
firefox
|
< 91.13.0-1.el9_0.alma | almalinux-9.0 | x86_64 | |
| Affected | pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-9.0 | almalinux |
firefox
|
< 91.13.0-1.el9_0.alma | almalinux-9.0 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |