Mageia 2021-0199: firefox security update
Summary
More internal network hosts could have been probed by a malicious webpage:
Further techniques that built on the slipstream research combined with a
malicious webpage could have exposed both an internal network's hosts as well
as services running on the user's local machine (CVE-2021-23961).
Out of bound write due to lazy initialization:
A WebGL framebuffer was not initialized early enough, resulting in memory
corruption and an out of bound write (CVE-2021-23994).
Use-after-free in Responsive Design Mode:
When Responsive Design Mode was enabled, it used references to objects that
were previously freed. We presume that with enough effort this could have been
exploited to run arbitrary code (CVE-2021-23995).
Secure Lock icon could have been spoofed:
Through complicated navigations with new windows, an HTTP page could have
inherited a secure lock icon from an HTTPS page (CVE-2021-23998).
Blob URLs may have been granted additional privileges:
If a Blob URL was loaded through some unusual user interaction, it could have
been loaded by the System Principal and granted additional privileges that
should not be granted to web content (CVE-2021-23999).
References
- https://bugs.mageia.org/show_bug.cgi?id=28822
- https://www.mozilla.org/en-US/security/advisories/mfsa2021-15/
- - https://access.redhat.com/errata/RHSA-2021:1360
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23961
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23994
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23995
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23998
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23999
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24002
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29945
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29946
Resolution
MGASA-2021-0199 - Updated firefox packages fix security vulnerabilities
SRPMS
- 7/core/firefox-l10n-78.10.0-1.mga7
- 7/core/nss-3.64.0-1.mga7
- 7/core/firefox-78.10.0-1.1.mga7
- 8/core/firefox-l10n-78.10.0-1.mga8
- 8/core/nss-3.64.0-1.mga8
- 8/core/firefox-78.10.0-1.1.mga8