[ALSA-2022:8554] firefox security update
Severity
Important
Affected Packages
2
CVEs
13
firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.5.0 ESR.
Security Fix(es):
- Mozilla: Service Workers might have learned size of cross-origin media files (CVE-2022-45403)
- Mozilla: Fullscreen notification bypass (CVE-2022-45404)
- Mozilla: Use-after-free in InputStream implementation (CVE-2022-45405)
- Mozilla: Use-after-free of a JavaScript Realm (CVE-2022-45406)
- Mozilla: Fullscreen notification bypass via windowName (CVE-2022-45408)
- Mozilla: Use-after-free in Garbage Collection (CVE-2022-45409)
- Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 (CVE-2022-45421)
- Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy (CVE-2022-45410)
- Mozilla: Cross-Site Tracing was possible via non-standard override headers (CVE-2022-45411)
- Mozilla: Symlinks may resolve to partially uninitialized buffers (CVE-2022-45412)
- Mozilla: Keystroke Side-Channel Leakage (CVE-2022-45416)
- Mozilla: Custom mouse cursor could have been drawn over browser UI (CVE-2022-45418)
- Mozilla: Iframe contents could be rendered outside the iframe (CVE-2022-45420)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| Package | Affected Version |
|---|---|
 pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-8.7
|
< 102.5.0-1.el8_7.alma |
|
pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-8.7
|
< 102.5.0-1.el8_7.alma |
- ID
- ALSA-2022:8554
- Severity
- important
- URL
- https://errata.almalinux.org/ALSA-2022:8554.html
- Published
-
2022-11-21T00:00:00
(22 months ago) - Modified
-
2022-11-21T21:14:16
(22 months ago) - Rights
- Copyright 2022 AlmaLinux OS
- Other Advisories
-
-
ALPINE:CVE-2022-45403
-
ALPINE:CVE-2022-45404
-
ALPINE:CVE-2022-45405
-
ALPINE:CVE-2022-45406
-
ALPINE:CVE-2022-45408
-
ALPINE:CVE-2022-45409
-
ALPINE:CVE-2022-45410
-
ALPINE:CVE-2022-45411
-
ALPINE:CVE-2022-45412
-
ALPINE:CVE-2022-45416
-
ALPINE:CVE-2022-45418
-
ALPINE:CVE-2022-45420
-
ALPINE:CVE-2022-45421
-
ALSA-2022:8547
-
ALSA-2022:8561
-
ALSA-2022:8580
-
DSA-5282-1
-
DSA-5284-1
-
ELSA-2022-8547
-
ELSA-2022-8552
-
ELSA-2022-8554
-
ELSA-2022-8555
-
ELSA-2022-8561
-
ELSA-2022-8580
-
GLSA-202211-05
-
GLSA-202211-06
-
MFSA-2022-47
-
MFSA-2022-48
-
MFSA-2022-49
-
RHSA-2022:8547
-
RHSA-2022:8552
-
RHSA-2022:8554
-
RHSA-2022:8555
-
RHSA-2022:8561
-
RHSA-2022:8580
-
RLSA-2022:8547
-
RLSA-2022:8554
-
SSA:2022-320-02
-
SSA:2022-320-03
-
SUSE-SU-2022:4058-1
-
SUSE-SU-2022:4083-1
-
SUSE-SU-2022:4085-1
-
SUSE-SU-2022:4247-1
-
USN-5726-1
-
USN-5824-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-8.7 | almalinux |
firefox
|
< 102.5.0-1.el8_7.alma | almalinux-8.7 | x86_64 | |
| Affected | pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-8.7 | almalinux |
firefox
|
< 102.5.0-1.el8_7.alma | almalinux-8.7 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |