diff options
author | 2022-08-10 04:06:48 +0000 | |
---|---|---|
committer | 2022-08-09 23:17:28 -0500 | |
commit | 28683764d95cb78c056bdf67f3245ad0eb5c6bbe (patch) | |
tree | ceb2e9134c68f26a6c3d6972eddfc285ad5b35a4 | |
parent | [ GLSA 202208-07 ] LibRaw: Stack buffer overread (diff) | |
download | glsa-28683764d95cb78c056bdf67f3245ad0eb5c6bbe.tar.gz glsa-28683764d95cb78c056bdf67f3245ad0eb5c6bbe.tar.bz2 glsa-28683764d95cb78c056bdf67f3245ad0eb5c6bbe.zip |
[ GLSA 202208-08 ] Mozilla Firefox: Multiple Vulnerabilities
Bug: https://bugs.gentoo.org/834631
Bug: https://bugs.gentoo.org/834804
Bug: https://bugs.gentoo.org/836866
Bug: https://bugs.gentoo.org/842438
Bug: https://bugs.gentoo.org/846593
Bug: https://bugs.gentoo.org/849044
Bug: https://bugs.gentoo.org/857045
Bug: https://bugs.gentoo.org/861515
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>
-rw-r--r-- | glsa-202208-08.xml | 147 |
1 files changed, 147 insertions, 0 deletions
diff --git a/glsa-202208-08.xml b/glsa-202208-08.xml new file mode 100644 index 00000000..025606af --- /dev/null +++ b/glsa-202208-08.xml @@ -0,0 +1,147 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="202208-08"> + <title>Mozilla Firefox: Multiple Vulnerabilities</title> + <synopsis>Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.</synopsis> + <product type="ebuild">firefox,firefox-bin</product> + <announced>2022-08-10</announced> + <revised count="1">2022-08-10</revised> + <bug>834631</bug> + <bug>834804</bug> + <bug>836866</bug> + <bug>842438</bug> + <bug>846593</bug> + <bug>849044</bug> + <bug>857045</bug> + <bug>861515</bug> + <access>remote</access> + <affected> + <package name="www-client/firefox" auto="yes" arch="*"> + <unaffected range="ge" slot="esr">91.12.0</unaffected> + <unaffected range="ge" slot="rapid">103.0</unaffected> + <vulnerable range="lt" slot="rapid">103.0</vulnerable> + <vulnerable range="lt" slot="esr">91.12.0</vulnerable> + </package> + <package name="www-client/firefox-bin" auto="yes" arch="*"> + <unaffected range="ge" slot="esr">91.12.0</unaffected> + <unaffected range="ge" slot="rapid">103.0</unaffected> + <vulnerable range="lt" slot="esr">91.12.0</vulnerable> + <vulnerable range="lt" slot="rapid">103.0</vulnerable> + </package> + </affected> + <background> + <p>Mozilla Firefox is a popular open-source web browser from the Mozilla project.</p> + </background> + <description> + <p>Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.</p> + </description> + <impact type="high"> + <p>Please review the referenced CVE identifiers for details.</p> + </impact> + <workaround> + <p>There is no known workaround at this time.</p> + </workaround> + <resolution> + <p>All Mozilla Firefox ESR users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-91.12.0:esr" + </code> + + <p>All Mozilla Firefox ESR binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.12.0:esr" + </code> + + <p>All Mozilla Firefox users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-103.0:rapid" + </code> + + <p>All Mozilla Firefox binary users should upgrade to the latest version:</p> + + <code> + # emerge --sync + # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-103.0:rapid" + </code> + </resolution> + <references> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-0843">CVE-2022-0843</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1196">CVE-2022-1196</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1529">CVE-2022-1529</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1802">CVE-2022-1802</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-1919">CVE-2022-1919</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2200">CVE-2022-2200</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-2505">CVE-2022-2505</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-24713">CVE-2022-24713</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26381">CVE-2022-26381</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26382">CVE-2022-26382</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26383">CVE-2022-26383</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26384">CVE-2022-26384</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26385">CVE-2022-26385</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26386">CVE-2022-26386</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26387">CVE-2022-26387</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26485">CVE-2022-26485</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-26486">CVE-2022-26486</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28281">CVE-2022-28281</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28282">CVE-2022-28282</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28283">CVE-2022-28283</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28284">CVE-2022-28284</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28285">CVE-2022-28285</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28286">CVE-2022-28286</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28287">CVE-2022-28287</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28288">CVE-2022-28288</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-28289">CVE-2022-28289</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29909">CVE-2022-29909</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29910">CVE-2022-29910</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29911">CVE-2022-29911</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29912">CVE-2022-29912</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29914">CVE-2022-29914</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29915">CVE-2022-29915</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29916">CVE-2022-29916</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29917">CVE-2022-29917</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-29918">CVE-2022-29918</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31736">CVE-2022-31736</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31737">CVE-2022-31737</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31738">CVE-2022-31738</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31740">CVE-2022-31740</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31741">CVE-2022-31741</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31742">CVE-2022-31742</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31743">CVE-2022-31743</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31744">CVE-2022-31744</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31745">CVE-2022-31745</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31747">CVE-2022-31747</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-31748">CVE-2022-31748</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34468">CVE-2022-34468</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34469">CVE-2022-34469</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34470">CVE-2022-34470</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34471">CVE-2022-34471</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34472">CVE-2022-34472</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34473">CVE-2022-34473</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34474">CVE-2022-34474</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34475">CVE-2022-34475</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34476">CVE-2022-34476</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34477">CVE-2022-34477</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34478">CVE-2022-34478</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34479">CVE-2022-34479</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34480">CVE-2022-34480</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34481">CVE-2022-34481</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34482">CVE-2022-34482</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34483">CVE-2022-34483</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34484">CVE-2022-34484</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-34485">CVE-2022-34485</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36315">CVE-2022-36315</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36316">CVE-2022-36316</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36318">CVE-2022-36318</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36319">CVE-2022-36319</uri> + <uri link="https://nvd.nist.gov/vuln/detail/CVE-2022-36320">CVE-2022-36320</uri> + <uri>MFSA-2022-14</uri> + </references> + <metadata tag="requester" timestamp="2022-08-10T04:06:48.151092Z">ajak</metadata> + <metadata tag="submitter" timestamp="2022-08-10T04:06:48.153620Z">ajak</metadata> +</glsa>
\ No newline at end of file |