Gentoo FoundationMGASA-2021-0236Updated firefox packages fix a security vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.4%
Updated firefox packages fix a security vulnerability: Mozilla developers Gabriele Svelto, Anny Gakhokidze, Alexandru Michis, Christian Holler reported memory safety bugs present in Firefox 88 and Firefox ESR 78.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code (CVE-2021-29967). Memory safety bugs fixed in Firefox 89 and Firefox ESR 78.11 This update also fixes: - Unable to connect to Element with the firefox ESR packaged by Mageia (Bug 28755). - Crashes on certain webpages with our packaged version (Bug 28652). - Some connections to websites like Santander Bank (Bug 28359). - Neither audio nor video with BigBlueButton and other WebRTC services with our packaged version of Firefox ESR (Bug 27374).
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 7 | noarch | nspr | < 4.31-1 | nspr-4.31-1.mga7 |
| Mageia | 7 | noarch | rootcerts | < 20210525.00-1 | rootcerts-20210525.00-1.mga7 |
| Mageia | 7 | noarch | nss | < 3.66.0-1 | nss-3.66.0-1.mga7 |
| Mageia | 7 | noarch | firefox | < 78.11.0-1 | firefox-78.11.0-1.mga7 |
| Mageia | 7 | noarch | firefox-l10n | < 78.11.0-1 | firefox-l10n-78.11.0-1.mga7 |
| Mageia | 8 | noarch | nspr | < 4.31-1 | nspr-4.31-1.mga8 |
| Mageia | 8 | noarch | rootcerts | < 20210525.00-1 | rootcerts-20210525.00-1.mga8 |
| Mageia | 8 | noarch | nss | < 3.66.0-1 | nss-3.66.0-1.mga8 |
| Mageia | 8 | noarch | firefox | < 78.11.0-1 | firefox-78.11.0-1.mga8 |
| Mageia | 8 | noarch | firefox-l10n | < 78.11.0-1 | firefox-l10n-78.11.0-1.mga8 |
References
access.redhat.com/errata/RHSA-2021:2206
bugs.mageia.org/show_bug.cgi?id=27374
bugs.mageia.org/show_bug.cgi?id=28359
bugs.mageia.org/show_bug.cgi?id=28652
bugs.mageia.org/show_bug.cgi?id=28755
bugs.mageia.org/show_bug.cgi?id=29064
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.65_release_notes
developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.66_release_notes
groups.google.com/a/mozilla.org/g/dev-tech-crypto/c/4eyMP8SrUGk
www.mozilla.org/en-US/firefox/78.10.1/releasenotes/
www.mozilla.org/en-US/firefox/78.11.0/releasenotes/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
68.4%