Scientific Linux alert SLSA-2021:0992-1 (firefox)


From:
               Farhan Ahmed <fahmed@fnal.gov>
To:
               scientific-linux-errata@listserv.fnal.gov
Subject:
               Security ERRATA Important: firefox on SL7.x x86_64
Date:
               Thu, 25 Mar 2021 20:25:54 -0000
Message-ID:
               <20210325202554.469.92912@4d14c5bc2382>
Synopsis:          Important: firefox security update
Advisory ID:       SLSA-2021:0992-1
Issue Date:        2021-03-25
CVE Numbers:       CVE-2021-23981
                   CVE-2021-23982
                   CVE-2021-23984
                   CVE-2021-23987
--

This update upgrades Firefox to version 78.9.0 ESR.

Security Fix(es):

* Mozilla: Texture upload into an unbound backing buffer resulted in an
out-of-bound read (CVE-2021-23981)

* Mozilla: Memory safety bugs fixed in Firefox 87 and Firefox ESR 78.9
(CVE-2021-23987)

* Mozilla: Internal network hosts could have been probed by a malicious
webpage (CVE-2021-23982)

* Mozilla: Malicious extensions could have spoofed popup information
(CVE-2021-23984)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
--

- Scientific Linux Development Team

From:		Farhan Ahmed <fahmed@fnal.gov>
To:		scientific-linux-errata@listserv.fnal.gov
Subject:		Security ERRATA Important: firefox on SL7.x x86_64
Date:		Thu, 25 Mar 2021 20:25:54 -0000
Message-ID:		<20210325202554.469.92912@4d14c5bc2382>