Gentoo Archives: gentoo-announce

From: glsamaker@g.o
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202211-06 ] Mozilla Firefox: Multiple Vulnerabilities
Date: Tue, 22 Nov 2022 04:02:12
Message-Id: 166908907003.9.2659609653688444699@2ac734cbf5a7

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202211-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Mozilla Firefox: Multiple Vulnerabilities
     Date: November 22, 2022
     Bugs: #881403
       ID: 202211-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the
worst of which could result in arbitrary code execution.

Background
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla
project.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /     Vulnerable     /          Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox          < 102.5.0:esr           >= 102.5.0:esr
                                 < 107.0:rapid           >= 107.0:rapid
  2  www-client/firefox-bin      < 102.5.0:esr           >= 102.5.0:esr
                                 < 107.0:rapid           >= 107.0:rapid

Description
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Mozilla Firefox ESR binary users should upgrade to the latest
version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.5.0"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-102.5.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-107.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-107.0"

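To confirm which installed packages still fall in the vulnerable ranges of the "Affected packages" table before or after upgrading, the following added example (not part of the Gentoo advisory) classifies package atoms by slot and version. It assumes atoms written as category/package-version:slot, plain dotted versions, and a `sort` that supports `-V`; the function names and the sample atoms are constructed for illustration.

```shell
# Assumed input format: category/package-version:slot, one atom per line.

# First unaffected version per slot, from the "Affected packages" table.
fixed_version() {
    case "$1" in
        esr)   echo "102.5.0" ;;
        rapid) echo "107.0" ;;
        *)     return 1 ;;
    esac
}

# version_lt A B: true when A sorts strictly before B (needs sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# glsa_check ATOM: print vulnerable, unaffected or unknown.
glsa_check() {
    atom=$1
    slot=${atom##*:}
    slot=${slot%%/*}              # ignore a subslot, if present
    pv=${atom%:*}
    case "$pv" in
        www-client/firefox-bin-*) ver=${pv#www-client/firefox-bin-} ;;
        www-client/firefox-*)     ver=${pv#www-client/firefox-} ;;
        *) echo "unknown"; return 0 ;;
    esac
    ver=${ver%-r[0-9]*}           # drop a revision suffix such as -r1
    fixed=$(fixed_version "$slot") || { echo "unknown"; return 0; }
    if version_lt "$ver" "$fixed"; then echo "vulnerable"; else echo "unaffected"; fi
}

# glsa_report: read atoms on stdin, print "atom status" per line.
glsa_report() {
    while IFS= read -r line; do
        if [ -n "$line" ]; then
            printf '%s %s\n' "$line" "$(glsa_check "$line")"
        fi
    done
}

# Constructed sample input, not taken from a real system.
glsa_report <<'EOF'
www-client/firefox-102.4.0:esr
www-client/firefox-bin-107.0:rapid
EOF
```

An atom without a recognised slot is reported as unknown rather than guessed, since the fixed version depends on whether the package is on the esr or rapid slot.
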
References
==========

[ 1 ] CVE-2022-40674
      https://nvd.nist.gov/vuln/detail/CVE-2022-40674
[ 2 ] CVE-2022-45403
      https://nvd.nist.gov/vuln/detail/CVE-2022-45403
[ 3 ] CVE-2022-45404
      https://nvd.nist.gov/vuln/detail/CVE-2022-45404
[ 4 ] CVE-2022-45405
      https://nvd.nist.gov/vuln/detail/CVE-2022-45405
[ 5 ] CVE-2022-45406
      https://nvd.nist.gov/vuln/detail/CVE-2022-45406
[ 6 ] CVE-2022-45407
      https://nvd.nist.gov/vuln/detail/CVE-2022-45407
[ 7 ] CVE-2022-45408
      https://nvd.nist.gov/vuln/detail/CVE-2022-45408
[ 8 ] CVE-2022-45409
      https://nvd.nist.gov/vuln/detail/CVE-2022-45409
[ 9 ] CVE-2022-45410
      https://nvd.nist.gov/vuln/detail/CVE-2022-45410
[ 10 ] CVE-2022-45411
      https://nvd.nist.gov/vuln/detail/CVE-2022-45411
[ 11 ] CVE-2022-45412
      https://nvd.nist.gov/vuln/detail/CVE-2022-45412
[ 12 ] CVE-2022-45413
      https://nvd.nist.gov/vuln/detail/CVE-2022-45413
[ 13 ] CVE-2022-45415
      https://nvd.nist.gov/vuln/detail/CVE-2022-45415
[ 14 ] CVE-2022-45416
      https://nvd.nist.gov/vuln/detail/CVE-2022-45416
[ 15 ] CVE-2022-45417
      https://nvd.nist.gov/vuln/detail/CVE-2022-45417
[ 16 ] CVE-2022-45418
      https://nvd.nist.gov/vuln/detail/CVE-2022-45418
[ 17 ] CVE-2022-45419
      https://nvd.nist.gov/vuln/detail/CVE-2022-45419
[ 18 ] CVE-2022-45420
      https://nvd.nist.gov/vuln/detail/CVE-2022-45420
[ 19 ] CVE-2022-45421
      https://nvd.nist.gov/vuln/detail/CVE-2022-45421

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202211-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
