Gentoo Archives: gentoo-announce

From: John Helmert III <ajak@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202202-03 ] Mozilla Firefox: Multiple vulnerabilities
Date: Mon, 21 Feb 2022 23:07:25
Message-Id: YhQaLcWmPbgpggIy@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202202-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Firefox: Multiple vulnerabilities
     Date: February 21, 2022
     Bugs: #802768, #807947, #813498, #821385, #828538, #831039, #832992
       ID: 202202-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Mozilla Firefox, the worst
of which could result in the arbitrary execution of code.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                   /   Vulnerable   /           Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox            < 91.6.0            >= 91.6.0:esr
                                                       >= 97.0:rapid
  2  www-client/firefox-bin        < 91.6.0            >= 91.6.0:esr
                                                       >= 97.0:rapid

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-91.6.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.6.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-97.0:rapid"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-97.0:rapid"

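Added example (not part of the Gentoo advisory): a POSIX shell check that classifies an installed Firefox atom against the per-slot unaffected ranges in the table above. The function names and sample atoms are constructed; treating any esr or rapid version below its slot's fixed version as needing the upgrade is an assumption taken from the Resolution commands.

```shell
#!/bin/sh
# Added example: compare installed Firefox atoms with GLSA 202202-03.
# Function names and sample atoms are constructed for illustration.

# ver_ge A B: succeed when dotted numeric version A >= B (field by field).
ver_ge() {
    va=$1 vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        [ "$va" = "$fa" ] && va= || va=${va#*.}
        [ "$vb" = "$fb" ] && vb= || vb=${vb#*.}
        fa=${fa:-0}; fb=${fb:-0}
        [ "$fa" -gt "$fb" ] && return 0
        [ "$fa" -lt "$fb" ] && return 1
    done
    return 0
}

# glsa_status ATOM: print "unaffected", "upgrade" or "unknown".
glsa_status() {
    case $1 in
        www-client/firefox-bin-*:*) rest=${1#www-client/firefox-bin-} ;;
        www-client/firefox-*:*)     rest=${1#www-client/firefox-} ;;
        *) echo unknown; return 0 ;;
    esac
    slot=${rest##*:}; slot=${slot%%/*}        # drop any sub-slot
    ver=${rest%:*};   ver=${ver%-r[0-9]*}     # drop the -rN revision
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    # Fixed versions per slot, from the advisory's "Unaffected" column.
    case $slot in
        esr)   fixed=91.6.0 ;;
        rapid) fixed=97.0 ;;
        *) echo unknown; return 0 ;;
    esac
    if ver_ge "$ver" "$fixed"; then echo unaffected; else echo upgrade; fi
}

# Constructed sample atoms (category/name-version:slot).
for atom in www-client/firefox-91.5.0:esr www-client/firefox-91.10.0-r1:esr \
            www-client/firefox-bin-95.0:rapid www-client/firefox-bin-97.0:rapid
do
    printf '%-40s %s\n' "$atom" "$(glsa_status "$atom")"
done
```

On a Gentoo host the authoritative test is `glsa-check -t 202202-03` from app-portage/gentoolkit; the script only illustrates how the slot decides which fixed version applies, so a rapid-slot 95.0 still needs the upgrade even though it is newer than 91.6.0.
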
References
==========

[ 1 ] CVE-2021-29970
      https://nvd.nist.gov/vuln/detail/CVE-2021-29970
[ 2 ] CVE-2021-29972
      https://nvd.nist.gov/vuln/detail/CVE-2021-29972
[ 3 ] CVE-2021-29974
      https://nvd.nist.gov/vuln/detail/CVE-2021-29974
[ 4 ] CVE-2021-29975
      https://nvd.nist.gov/vuln/detail/CVE-2021-29975
[ 5 ] CVE-2021-29976
      https://nvd.nist.gov/vuln/detail/CVE-2021-29976
[ 6 ] CVE-2021-29977
      https://nvd.nist.gov/vuln/detail/CVE-2021-29977
[ 7 ] CVE-2021-29980
      https://nvd.nist.gov/vuln/detail/CVE-2021-29980
[ 8 ] CVE-2021-29981
      https://nvd.nist.gov/vuln/detail/CVE-2021-29981
[ 9 ] CVE-2021-29982
      https://nvd.nist.gov/vuln/detail/CVE-2021-29982
[ 10 ] CVE-2021-29984
       https://nvd.nist.gov/vuln/detail/CVE-2021-29984
[ 11 ] CVE-2021-29985
       https://nvd.nist.gov/vuln/detail/CVE-2021-29985
[ 12 ] CVE-2021-29986
       https://nvd.nist.gov/vuln/detail/CVE-2021-29986
[ 13 ] CVE-2021-29987
       https://nvd.nist.gov/vuln/detail/CVE-2021-29987
[ 14 ] CVE-2021-29988
       https://nvd.nist.gov/vuln/detail/CVE-2021-29988
[ 15 ] CVE-2021-29989
       https://nvd.nist.gov/vuln/detail/CVE-2021-29989
[ 16 ] CVE-2021-29990
       https://nvd.nist.gov/vuln/detail/CVE-2021-29990
[ 17 ] CVE-2021-30547
       https://nvd.nist.gov/vuln/detail/CVE-2021-30547
[ 18 ] CVE-2021-38491
       https://nvd.nist.gov/vuln/detail/CVE-2021-38491
[ 19 ] CVE-2021-38493
       https://nvd.nist.gov/vuln/detail/CVE-2021-38493
[ 20 ] CVE-2021-38495
       https://nvd.nist.gov/vuln/detail/CVE-2021-38495
[ 21 ] CVE-2021-38503
       https://nvd.nist.gov/vuln/detail/CVE-2021-38503
[ 22 ] CVE-2021-38504
       https://nvd.nist.gov/vuln/detail/CVE-2021-38504
[ 23 ] CVE-2021-38506
       https://nvd.nist.gov/vuln/detail/CVE-2021-38506
[ 24 ] CVE-2021-38507
       https://nvd.nist.gov/vuln/detail/CVE-2021-38507
[ 25 ] CVE-2021-38508
       https://nvd.nist.gov/vuln/detail/CVE-2021-38508
[ 26 ] CVE-2021-38509
       https://nvd.nist.gov/vuln/detail/CVE-2021-38509
[ 27 ] CVE-2021-4129
       https://nvd.nist.gov/vuln/detail/CVE-2021-4129
[ 28 ] CVE-2021-4140
       https://nvd.nist.gov/vuln/detail/CVE-2021-4140
[ 29 ] CVE-2021-43536
       https://nvd.nist.gov/vuln/detail/CVE-2021-43536
[ 30 ] CVE-2021-43537
       https://nvd.nist.gov/vuln/detail/CVE-2021-43537
[ 31 ] CVE-2021-43538
       https://nvd.nist.gov/vuln/detail/CVE-2021-43538
[ 32 ] CVE-2021-43539
       https://nvd.nist.gov/vuln/detail/CVE-2021-43539
[ 33 ] CVE-2021-43540
       https://nvd.nist.gov/vuln/detail/CVE-2021-43540
[ 34 ] CVE-2021-43541
       https://nvd.nist.gov/vuln/detail/CVE-2021-43541
[ 35 ] CVE-2021-43542
       https://nvd.nist.gov/vuln/detail/CVE-2021-43542
[ 36 ] CVE-2021-43543
       https://nvd.nist.gov/vuln/detail/CVE-2021-43543
[ 37 ] CVE-2021-43545
       https://nvd.nist.gov/vuln/detail/CVE-2021-43545
[ 38 ] CVE-2021-43546
       https://nvd.nist.gov/vuln/detail/CVE-2021-43546
[ 39 ] CVE-2022-0511
       https://nvd.nist.gov/vuln/detail/CVE-2022-0511
[ 40 ] CVE-2022-22737
       https://nvd.nist.gov/vuln/detail/CVE-2022-22737
[ 41 ] CVE-2022-22738
       https://nvd.nist.gov/vuln/detail/CVE-2022-22738
[ 42 ] CVE-2022-22739
       https://nvd.nist.gov/vuln/detail/CVE-2022-22739
[ 43 ] CVE-2022-22740
       https://nvd.nist.gov/vuln/detail/CVE-2022-22740
[ 44 ] CVE-2022-22741
       https://nvd.nist.gov/vuln/detail/CVE-2022-22741
[ 45 ] CVE-2022-22742
       https://nvd.nist.gov/vuln/detail/CVE-2022-22742
[ 46 ] CVE-2022-22743
       https://nvd.nist.gov/vuln/detail/CVE-2022-22743
[ 47 ] CVE-2022-22745
       https://nvd.nist.gov/vuln/detail/CVE-2022-22745
[ 48 ] CVE-2022-22747
       https://nvd.nist.gov/vuln/detail/CVE-2022-22747
[ 49 ] CVE-2022-22748
       https://nvd.nist.gov/vuln/detail/CVE-2022-22748
[ 50 ] CVE-2022-22751
       https://nvd.nist.gov/vuln/detail/CVE-2022-22751
[ 51 ] CVE-2022-22753
       https://nvd.nist.gov/vuln/detail/CVE-2022-22753
[ 52 ] CVE-2022-22754
       https://nvd.nist.gov/vuln/detail/CVE-2022-22754
[ 53 ] CVE-2022-22755
       https://nvd.nist.gov/vuln/detail/CVE-2022-22755
[ 54 ] CVE-2022-22756
       https://nvd.nist.gov/vuln/detail/CVE-2022-22756
[ 55 ] CVE-2022-22757
       https://nvd.nist.gov/vuln/detail/CVE-2022-22757
[ 56 ] CVE-2022-22758
       https://nvd.nist.gov/vuln/detail/CVE-2022-22758
[ 57 ] CVE-2022-22759
       https://nvd.nist.gov/vuln/detail/CVE-2022-22759
[ 58 ] CVE-2022-22760
       https://nvd.nist.gov/vuln/detail/CVE-2022-22760
[ 59 ] CVE-2022-22761
       https://nvd.nist.gov/vuln/detail/CVE-2022-22761
[ 60 ] CVE-2022-22762
       https://nvd.nist.gov/vuln/detail/CVE-2022-22762
[ 61 ] CVE-2022-22763
       https://nvd.nist.gov/vuln/detail/CVE-2022-22763
[ 62 ] CVE-2022-22764
       https://nvd.nist.gov/vuln/detail/CVE-2022-22764
[ 63 ] MOZ-2021-0004
[ 64 ] MOZ-2021-0005
[ 65 ] MOZ-2021-0006
[ 66 ] MOZ-2021-0007
[ 67 ] MOZ-2021-0008

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202202-03

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
