Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202208-08 ] Mozilla Firefox: Multiple Vulnerabilities
Date: Wed, 10 Aug 2022 04:42:27
Message-Id: 166010441268.7.3789779197433494711@fa4d926cc35c
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202208-08
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Mozilla Firefox: Multiple Vulnerabilities
9 Date: August 10, 2022
10 Bugs: #834631, #834804, #836866, #842438, #846593, #849044, #857045, #861515
11 ID: 202208-08
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in Mozilla Firefox, the worst
19 of which could result in the arbitrary execution of code.
20
21 Background
22 ==========
23
24 Mozilla Firefox is a popular open-source web browser from the Mozilla
25 project.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 www-client/firefox < 91.12.0:esr >= 91.12.0:esr
34 < 103.0:rapid >= 103.0:rapid
35 2 www-client/firefox-bin < 91.12.0:esr >= 91.12.0:esr
36 < 103.0:rapid >= 103.0:rapid
37
38 Description
39 ===========
40
41 Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
42 review the CVE identifiers referenced below for details.
43
44 Impact
45 ======
46
47 Please review the referenced CVE identifiers for details.
48
49 Workaround
50 ==========
51
52 There is no known workaround at this time.
53
54 Resolution
55 ==========
56
57 All Mozilla Firefox ESR users should upgrade to the latest version:
58
59 # emerge --sync
60 # emerge --ask --oneshot --verbose ">=www-client/firefox-91.12.0:esr"
61
62 All Mozilla Firefox ESR binary users should upgrade to the latest version:
63
64 # emerge --sync
65 # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.12.0:esr"
66
67 All Mozilla Firefox users should upgrade to the latest version:
68
69 # emerge --sync
70 # emerge --ask --oneshot --verbose ">=www-client/firefox-103.0:rapid"
71
72 All Mozilla Firefox binary users should upgrade to the latest version:
73
74 # emerge --sync
75 # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-103.0:rapid"
76
77 References
78 ==========
79
80 [ 1 ] CVE-2022-0843
81 https://nvd.nist.gov/vuln/detail/CVE-2022-0843
82 [ 2 ] CVE-2022-1196
83 https://nvd.nist.gov/vuln/detail/CVE-2022-1196
84 [ 3 ] CVE-2022-1529
85 https://nvd.nist.gov/vuln/detail/CVE-2022-1529
86 [ 4 ] CVE-2022-1802
87 https://nvd.nist.gov/vuln/detail/CVE-2022-1802
88 [ 5 ] CVE-2022-1919
89 https://nvd.nist.gov/vuln/detail/CVE-2022-1919
90 [ 6 ] CVE-2022-2200
91 https://nvd.nist.gov/vuln/detail/CVE-2022-2200
92 [ 7 ] CVE-2022-2505
93 https://nvd.nist.gov/vuln/detail/CVE-2022-2505
94 [ 8 ] CVE-2022-24713
95 https://nvd.nist.gov/vuln/detail/CVE-2022-24713
96 [ 9 ] CVE-2022-26381
97 https://nvd.nist.gov/vuln/detail/CVE-2022-26381
98 [ 10 ] CVE-2022-26382
99 https://nvd.nist.gov/vuln/detail/CVE-2022-26382
100 [ 11 ] CVE-2022-26383
101 https://nvd.nist.gov/vuln/detail/CVE-2022-26383
102 [ 12 ] CVE-2022-26384
103 https://nvd.nist.gov/vuln/detail/CVE-2022-26384
104 [ 13 ] CVE-2022-26385
105 https://nvd.nist.gov/vuln/detail/CVE-2022-26385
106 [ 14 ] CVE-2022-26386
107 https://nvd.nist.gov/vuln/detail/CVE-2022-26386
108 [ 15 ] CVE-2022-26387
109 https://nvd.nist.gov/vuln/detail/CVE-2022-26387
110 [ 16 ] CVE-2022-26485
111 https://nvd.nist.gov/vuln/detail/CVE-2022-26485
112 [ 17 ] CVE-2022-26486
113 https://nvd.nist.gov/vuln/detail/CVE-2022-26486
114 [ 18 ] CVE-2022-28281
115 https://nvd.nist.gov/vuln/detail/CVE-2022-28281
116 [ 19 ] CVE-2022-28282
117 https://nvd.nist.gov/vuln/detail/CVE-2022-28282
118 [ 20 ] CVE-2022-28283
119 https://nvd.nist.gov/vuln/detail/CVE-2022-28283
120 [ 21 ] CVE-2022-28284
121 https://nvd.nist.gov/vuln/detail/CVE-2022-28284
122 [ 22 ] CVE-2022-28285
123 https://nvd.nist.gov/vuln/detail/CVE-2022-28285
124 [ 23 ] CVE-2022-28286
125 https://nvd.nist.gov/vuln/detail/CVE-2022-28286
126 [ 24 ] CVE-2022-28287
127 https://nvd.nist.gov/vuln/detail/CVE-2022-28287
128 [ 25 ] CVE-2022-28288
129 https://nvd.nist.gov/vuln/detail/CVE-2022-28288
130 [ 26 ] CVE-2022-28289
131 https://nvd.nist.gov/vuln/detail/CVE-2022-28289
132 [ 27 ] CVE-2022-29909
133 https://nvd.nist.gov/vuln/detail/CVE-2022-29909
134 [ 28 ] CVE-2022-29910
135 https://nvd.nist.gov/vuln/detail/CVE-2022-29910
136 [ 29 ] CVE-2022-29911
137 https://nvd.nist.gov/vuln/detail/CVE-2022-29911
138 [ 30 ] CVE-2022-29912
139 https://nvd.nist.gov/vuln/detail/CVE-2022-29912
140 [ 31 ] CVE-2022-29914
141 https://nvd.nist.gov/vuln/detail/CVE-2022-29914
142 [ 32 ] CVE-2022-29915
143 https://nvd.nist.gov/vuln/detail/CVE-2022-29915
144 [ 33 ] CVE-2022-29916
145 https://nvd.nist.gov/vuln/detail/CVE-2022-29916
146 [ 34 ] CVE-2022-29917
147 https://nvd.nist.gov/vuln/detail/CVE-2022-29917
148 [ 35 ] CVE-2022-29918
149 https://nvd.nist.gov/vuln/detail/CVE-2022-29918
150 [ 36 ] CVE-2022-31736
151 https://nvd.nist.gov/vuln/detail/CVE-2022-31736
152 [ 37 ] CVE-2022-31737
153 https://nvd.nist.gov/vuln/detail/CVE-2022-31737
154 [ 38 ] CVE-2022-31738
155 https://nvd.nist.gov/vuln/detail/CVE-2022-31738
156 [ 39 ] CVE-2022-31740
157 https://nvd.nist.gov/vuln/detail/CVE-2022-31740
158 [ 40 ] CVE-2022-31741
159 https://nvd.nist.gov/vuln/detail/CVE-2022-31741
160 [ 41 ] CVE-2022-31742
161 https://nvd.nist.gov/vuln/detail/CVE-2022-31742
162 [ 42 ] CVE-2022-31743
163 https://nvd.nist.gov/vuln/detail/CVE-2022-31743
164 [ 43 ] CVE-2022-31744
165 https://nvd.nist.gov/vuln/detail/CVE-2022-31744
166 [ 44 ] CVE-2022-31745
167 https://nvd.nist.gov/vuln/detail/CVE-2022-31745
168 [ 45 ] CVE-2022-31747
169 https://nvd.nist.gov/vuln/detail/CVE-2022-31747
170 [ 46 ] CVE-2022-31748
171 https://nvd.nist.gov/vuln/detail/CVE-2022-31748
172 [ 47 ] CVE-2022-34468
173 https://nvd.nist.gov/vuln/detail/CVE-2022-34468
174 [ 48 ] CVE-2022-34469
175 https://nvd.nist.gov/vuln/detail/CVE-2022-34469
176 [ 49 ] CVE-2022-34470
177 https://nvd.nist.gov/vuln/detail/CVE-2022-34470
178 [ 50 ] CVE-2022-34471
179 https://nvd.nist.gov/vuln/detail/CVE-2022-34471
180 [ 51 ] CVE-2022-34472
181 https://nvd.nist.gov/vuln/detail/CVE-2022-34472
182 [ 52 ] CVE-2022-34473
183 https://nvd.nist.gov/vuln/detail/CVE-2022-34473
184 [ 53 ] CVE-2022-34474
185 https://nvd.nist.gov/vuln/detail/CVE-2022-34474
186 [ 54 ] CVE-2022-34475
187 https://nvd.nist.gov/vuln/detail/CVE-2022-34475
188 [ 55 ] CVE-2022-34476
189 https://nvd.nist.gov/vuln/detail/CVE-2022-34476
190 [ 56 ] CVE-2022-34477
191 https://nvd.nist.gov/vuln/detail/CVE-2022-34477
192 [ 57 ] CVE-2022-34478
193 https://nvd.nist.gov/vuln/detail/CVE-2022-34478
194 [ 58 ] CVE-2022-34479
195 https://nvd.nist.gov/vuln/detail/CVE-2022-34479
196 [ 59 ] CVE-2022-34480
197 https://nvd.nist.gov/vuln/detail/CVE-2022-34480
198 [ 60 ] CVE-2022-34481
199 https://nvd.nist.gov/vuln/detail/CVE-2022-34481
200 [ 61 ] CVE-2022-34482
201 https://nvd.nist.gov/vuln/detail/CVE-2022-34482
202 [ 62 ] CVE-2022-34483
203 https://nvd.nist.gov/vuln/detail/CVE-2022-34483
204 [ 63 ] CVE-2022-34484
205 https://nvd.nist.gov/vuln/detail/CVE-2022-34484
206 [ 64 ] CVE-2022-34485
207 https://nvd.nist.gov/vuln/detail/CVE-2022-34485
208 [ 65 ] CVE-2022-36315
209 https://nvd.nist.gov/vuln/detail/CVE-2022-36315
210 [ 66 ] CVE-2022-36316
211 https://nvd.nist.gov/vuln/detail/CVE-2022-36316
212 [ 67 ] CVE-2022-36318
213 https://nvd.nist.gov/vuln/detail/CVE-2022-36318
214 [ 68 ] CVE-2022-36319
215 https://nvd.nist.gov/vuln/detail/CVE-2022-36319
216 [ 69 ] CVE-2022-36320
217 https://nvd.nist.gov/vuln/detail/CVE-2022-36320
218 [ 70 ] MFSA-2022-14
219
220 Availability
221 ============
222
223 This GLSA and any updates to it are available for viewing at
224 the Gentoo Security Website:
225
226 https://security.gentoo.org/glsa/202208-08
227
228 Concerns?
229 =========
230
231 Security is a primary focus of Gentoo Linux and ensuring the
232 confidentiality and security of our users' machines is of utmost
233 importance to us. Any security concerns should be addressed to
234 security@g.o or alternatively, you may file a bug at
235 https://bugs.gentoo.org.
236
237 License
238 =======
239
240 Copyright 2022 Gentoo Foundation, Inc; referenced text
241 belongs to its owner(s).
242
243 The contents of this document are licensed under the
244 Creative Commons - Attribution / Share Alike license.
245
246 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups