Univention Bugzilla – Bug 54730
firefox-esr: Multiple issues (5.0)
Last modified: 2022-05-11 17:52:30 CEST
New Debian firefox-esr 91.9.0esr-1~deb10u1 fixes:

This update addresses the following issues:
* Bypassing permission prompt in nested browsing contexts (CVE-2022-29909)
* iframe Sandbox bypass (CVE-2022-29911)
* Reader mode bypassed SameSite cookies (CVE-2022-29912)
* Fullscreen notification bypass using popups (CVE-2022-29914)
* Leaking browser history with CSS variables (CVE-2022-29916)
* Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 (CVE-2022-29917)
--- mirror/ftp/pool/main/f/firefox-esr/firefox-esr_91.8.0esr-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-1/source/firefox-esr_91.9.0esr-1~deb10u1.dsc @@ -1,3 +1,10 @@ +91.9.0esr-1~deb10u1 [Wed, 04 May 2022 06:43:23 +0900] Mike Hommey <glandium@debian.org>: + + * New upstream release. + * Fixes for mfsa2022-17, also known as + CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, CVE-2022-29911, + CVE-2022-29912, CVE-2022-29917. + 91.8.0esr-1~deb10u1 [Wed, 06 Apr 2022 08:13:44 +0900] Mike Hommey <glandium@debian.org>: * New upstream release. <http://piuparts.knut.univention.de/5.0-1/#6877910333357012110>
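Review bot: the CVE list in the added 91.9.0esr-1~deb10u1 changelog entry is not in numeric order (CVE-2022-29914, CVE-2022-29909, CVE-2022-29916, ...), which makes it harder to cross-check against the six CVEs named in the erratum description. The same six identifiers do appear in both places; listing them in ascending order in the changelog would make that comparison immediate.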
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-1] dfc87e1d46 Bug #54730: firefox-esr 91.9.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

[5.0-1] f29b4740d2 Bug #54730: firefox-esr 91.9.0esr-1~deb10u1
 doc/errata/staging/firefox-esr.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x303>