Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/6C9A1BBC54C5119D4FF772D6DDB1704E
HistoryDec 14, 2021 - 12:00 a.m.

Security fix for the ALT Linux 10 package firefox-esr version 91.4.0-alt1

2021-12-1400:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
27
alt linux 10
firefox-esr
security fixes
cve-2021-43536
cve-2021-43537
cve-2021-43538
cve-2021-43539
cve-2021-43541
cve-2021-43542
cve-2021-43543
cve-2021-43545
cve-2021-43546
andrey cherepanov

EPSS

0.019

Percentile

88.8%

91.4.0-alt1 built Dec. 14, 2021 Andrey Cherepanov in task #291601

Dec. 6, 2021 Andrey Cherepanov

- New ESR version.
- Security fixes:
  + CVE-2021-43536 URL leakage when navigating while executing asynchronous function
  + CVE-2021-43537 Heap buffer overflow when using structured clone
  + CVE-2021-43538 Missing fullscreen and pointer lock notification when requesting both
  + CVE-2021-43539 GC rooting failure when calling wasm instance methods
  + CVE-2021-43541 External protocol handler parameters were unescaped
  + CVE-2021-43542 XMLHttpRequest error codes could have leaked the existence of an external protocol handler
  + CVE-2021-43543 Bypass of CSP sandbox directive when embedding
  + CVE-2021-43545 Denial of Service when using the Location API in a loop
  + CVE-2021-43546 Cursor spoofing could overlay user interface when native cursor is zoomed