Univention Bugzilla – Bug 54545
firefox-esr: Multiple issues (4.4)
Last modified: 2022-03-16 14:14:31 CET
New Debian firefox-esr 91.7.0esr-1~deb9u1 fixes:

This update addresses the following issues:
* Use-after-free in text reflows (CVE-2022-26381)
* Browser window spoof using fullscreen mode (CVE-2022-26383)
* iframe allow-scripts sandbox bypass (CVE-2022-26384)
* Temporary files downloaded to /tmp and accessible by other local users (CVE-2022-26386)
* Time-of-check time-of-use bug when verifying add-on signatures (CVE-2022-26387)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/firefox-esr_91.6.1esr-1~deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/firefox-esr_91.7.0esr-1~deb9u1.dsc @@ -1,3 +1,14 @@ +91.7.0esr-1~deb9u1 [Wed, 09 Mar 2022 07:53:25 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: + + * Backport to stretch. + +91.7.0esr-1 [Wed, 09 Mar 2022 06:47:37 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2022-11, also known as + CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381, + CVE-2022-26386. + 91.6.1esr-1~deb9u1 [Mon, 07 Mar 2022 08:11:46 +0100] Emilio Pozuelo Monfort <pochu@debian.org>: * Backport to stretch. <http://piuparts.knut.univention.de/4.4-8/#1361312530924759693>
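Review bot: The CVE ids in the added 91.7.0esr-1 changelog entry are listed out of numeric order (CVE-2022-26383, CVE-2022-26384, CVE-2022-26387, CVE-2022-26381, CVE-2022-26386) and carry no per-issue description, so checking the entry against the erratum text takes a second pass. The set is the same five ids the erratum names, so nothing is missing; keeping the erratum's sorted list with its one-line descriptions as the reference for this update is enough.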
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] f71c141150 Bug #54545: firefox-esr 91.7.0esr-1~deb9u1
 doc/errata/staging/firefox-esr.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1195>