Synopsis: Important: firefox security update
Advisory ID: SLSA-2022:0514-1
Issue Date: 2022-02-14
CVE Numbers: CVE-2022-22754
CVE-2022-22756
CVE-2022-22760
CVE-2022-22761
CVE-2022-22763
CVE-2022-22759
CVE-2022-22764
—
This update upgrades Firefox to version 91.6.0 ESR.
Security Fix(es):
* Mozilla: Extensions could have bypassed permission confirmation during
update (CVE-2022-22754)
* Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6
(CVE-2022-22764)
* Mozilla: Drag and dropping an image could have resulted in the dropped
object being an executable (CVE-2022-22756)
* Mozilla: Sandboxed iframes could have executed script if the parent
appended elements (CVE-2022-22759)
* Mozilla: Cross-Origin responses could be distinguished between script
and non-script content-types (CVE-2022-22760)
* Mozilla: frame-ancestors Content Security Policy directive was not
enforced for framed extension pages (CVE-2022-22761)
* Mozilla: Script Execution during invalid object state (CVE-2022-22763)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
—
SL7
x86_64
firefox-91.6.0-1.el7_9.x86_64.rpm
firefox-debuginfo-91.6.0-1.el7_9.x86_64.rpm
firefox-91.6.0-1.el7_9.i686.rpm
– Scientific Linux Development Team
