Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202208-37 ] Mozilla Firefox: Multiple Vulnerabilities
Date: Wed, 31 Aug 2022 23:42:22
Message-Id: 166198899331.12.3815564830163308114@ec95405eafab
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202208-37
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Firefox: Multiple Vulnerabilities
     Date: August 31, 2022
     Bugs: #866215
       ID: 202208-37

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the
worst of which could result in arbitrary code execution.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                  /    Vulnerable    /          Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox            < 104:rapid           >= 104:rapid
                                   < 91.13.0:esr         >= 91.13.0:esr
  2  www-client/firefox-bin        < 104:rapid           >= 104:rapid

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-91.13.0"

All Mozilla Firefox ESR binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.13.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-104.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-104.0"

References
==========

[ 1 ] CVE-2022-38472
      https://nvd.nist.gov/vuln/detail/CVE-2022-38472
[ 2 ] CVE-2022-38473
      https://nvd.nist.gov/vuln/detail/CVE-2022-38473
[ 3 ] CVE-2022-38474
      https://nvd.nist.gov/vuln/detail/CVE-2022-38474
[ 4 ] CVE-2022-38475
      https://nvd.nist.gov/vuln/detail/CVE-2022-38475
[ 5 ] CVE-2022-38476
      https://nvd.nist.gov/vuln/detail/CVE-2022-38476
[ 6 ] CVE-2022-38477
      https://nvd.nist.gov/vuln/detail/CVE-2022-38477
[ 7 ] CVE-2022-38478
      https://nvd.nist.gov/vuln/detail/CVE-2022-38478

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202208-37

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
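
Added example (not part of the advisory and not Gentoo's own tooling): a shell check that classifies an installed package against the thresholds in the "Affected packages" table and the Resolution commands above. The input format "category/name-version:slot", the function names and the sample atoms are assumptions of this example, and the version comparison is simplified to what GNU sort -V orders correctly after dropping a -rN revision suffix.

```shell
#!/bin/sh
# Added example, not part of the advisory.
# Assumed input: "category/name-version:slot", e.g. www-client/firefox-91.12.0:esr

# ver_lt A B: succeeds when version A sorts strictly before B (needs sort -V).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Prints vulnerable, unaffected or not-covered for one installed atom.
glsa_202208_37_status() {
    atom=$1
    slot=${atom##*:}        # text after the last ':'
    pv=${atom%:*}           # category/name-version
    pv=${pv%-r[0-9]*}       # drop a revision suffix such as -r1
    ver=${pv##*-}           # version is the last '-'-separated field
    pn=${pv%-*}             # category/name

    case "$pn:$slot" in
        www-client/firefox:rapid | www-client/firefox-bin:rapid)
            fixed=104 ;;
        www-client/firefox:esr)
            fixed=91.13.0 ;;
        www-client/firefox-bin:esr)
            # Not in the Affected packages table; threshold taken from the
            # Resolution command for ESR binary users.
            fixed=91.13.0 ;;
        *)
            echo not-covered
            return 0 ;;
    esac

    if ver_lt "$ver" "$fixed"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample atoms (not taken from a real host).
for a in www-client/firefox-91.12.0-r1:esr www-client/firefox-104.0:rapid \
         www-client/firefox-bin-103.0.2:rapid www-client/links-2.27:0
do
    printf '%s\t%s\n' "$a" "$(glsa_202208_37_status "$a")"
done
```

A "vulnerable" result maps to the matching emerge command in the Resolution section; "not-covered" means the package and slot pair is not named by this GLSA.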