Lucene search

RedHatRHSA-2021:5017

HistoryDec 08, 2021 - 9:44 a.m.

(RHSA-2021:5017) Important: firefox security update

2021-12-0809:44:27

access.redhat.com

mozilla firefox

91.4.0 esr

memory safety

url leakage

heap buffer overflow

missing fullscreen

pointer lock

gc rooting failure

unescaped parameters

denial of service

cursor spoofing

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.019

Percentile

88.8%

JSON

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.4.0 ESR.

Security Fix(es):

Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
Mozilla: URL leakage when navigating while executing asynchronous function (CVE-2021-43536)
Mozilla: Heap buffer overflow when using structured clone (CVE-2021-43537)
Mozilla: Missing fullscreen and pointer lock notification when requesting both (CVE-2021-43538)
Mozilla: GC rooting failure when calling wasm instance methods (CVE-2021-43539)
Mozilla: External protocol handler parameters were unescaped (CVE-2021-43541)
Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler (CVE-2021-43542)
Mozilla: Bypass of CSP sandbox directive when embedding (CVE-2021-43543)
Mozilla: Denial of Service when using the Location API in a loop (CVE-2021-43545)
Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed (CVE-2021-43546)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8x86_64firefox-debuginfo< 91.4.0-1.el8_1firefox-debuginfo-91.4.0-1.el8_1.x86_64.rpm
RedHat8ppc64lefirefox-debuginfo< 91.4.0-1.el8_1firefox-debuginfo-91.4.0-1.el8_1.ppc64le.rpm
RedHat8x86_64firefox-debugsource< 91.4.0-1.el8_1firefox-debugsource-91.4.0-1.el8_1.x86_64.rpm
RedHat8x86_64firefox< 91.4.0-1.el8_1firefox-91.4.0-1.el8_1.x86_64.rpm
RedHat8ppc64lefirefox< 91.4.0-1.el8_1firefox-91.4.0-1.el8_1.ppc64le.rpm
RedHat8ppc64lefirefox-debugsource< 91.4.0-1.el8_1firefox-debugsource-91.4.0-1.el8_1.ppc64le.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	x86_64	firefox-debuginfo	< 91.4.0-1.el8_1	firefox-debuginfo-91.4.0-1.el8_1.x86_64.rpm
RedHat	8	ppc64le	firefox-debuginfo	< 91.4.0-1.el8_1	firefox-debuginfo-91.4.0-1.el8_1.ppc64le.rpm
RedHat	8	x86_64	firefox-debugsource	< 91.4.0-1.el8_1	firefox-debugsource-91.4.0-1.el8_1.x86_64.rpm
RedHat	8	x86_64	firefox	< 91.4.0-1.el8_1	firefox-91.4.0-1.el8_1.x86_64.rpm
RedHat	8	ppc64le	firefox	< 91.4.0-1.el8_1	firefox-91.4.0-1.el8_1.ppc64le.rpm
RedHat	8	ppc64le	firefox-debugsource	< 91.4.0-1.el8_1	firefox-debugsource-91.4.0-1.el8_1.ppc64le.rpm