Univention Bugzilla – Bug 54543
firefox-esr: Multiple issues (5.0)
Last modified: 2022-03-16 15:18:12 CET
New Debian firefox-esr 91.7.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* Use-after-free in text reflows (CVE-2022-26381)
* Browser window spoof using fullscreen mode (CVE-2022-26383)
* iframe allow-scripts sandbox bypass (CVE-2022-26384)
* Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)
* Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_91.6.1esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/firefox-esr_91.7.0esr-1~deb10u1.dsc @@ -1,3 +1,10 @@ +91.7.0esr-1~deb10u1 [Wed, 09 Mar 2022 06:47:37 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2022-11, also known as + CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381, + CVE-2022-26386. + 91.6.1esr-1~deb10u1 [Sun, 06 Mar 2022 07:31:23 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://piuparts.knut.univention.de/5.0-1/#5660217663833877676>
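Review bot: In the added 91.7.0esr-1~deb10u1 changelog entry, the CVE ids appear out of numeric order (CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381, CVE-2022-26386) and without descriptions, which makes them awkward to compare against the erratum text. All five match the issues named in the bug description, so keeping the erratum's list sorted by id, as that description does, lets the cross-check be done at a glance. The entry also reads "New upstream release", so the package carries the whole 91.7.0esr release rather than five isolated backports, and the erratum should be tested on that basis.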
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-1] 0211165450 Bug #54543: firefox-esr 91.7.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x243>