Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories

Fedora 40 Update: 2024-31b196eaf1 Moderate: SeaMonkey 2.53.18.2

Update to 2.53.18.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-31b196eaf1
2024-04-01 00:15:12.467434
--------------------------------------------------------------------------------

Name        : seamonkey
Product     : Fedora 40
Version     : 2.53.18.2
Release     : 1.fc40
URL         : https://www.seamonkey-project.org/
Summary     : Web browser, e-mail, news, IRC client, HTML editor
Description :
SeaMonkey is an all-in-one Internet application suite (previously made popular by Netscape and Mozilla). It includes an Internet browser, advanced e-mail, newsgroup and feed client, a calendar, IRC client, HTML editor and a tool to inspect the DOM for web pages. It is derived from the application formerly known as Mozilla Application Suite.

--------------------------------------------------------------------------------
Update Information:

Update to 2.53.18.2
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 23 2024 Dmitry Butskoy 2.53.18.2-1
- update to 2.53.18.2
- add patch for system icu-74.1 (mozbz 1862601)
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-31b196eaf1' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
--
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

The latest release of SeaMonkey 2.53.18.2 in Fedora 40 improves internet navigation and email functionalities.
Fedora Updates, SeaMonkey, Internet Application Suite, Web Browser, Email Client.
Severity: Important.
LinuxSecurity.com Team

Apr 01, 2024 | Important | Fedora

Red Hat 8.6: RHSA-2023-4069-01 Important: Firefox Use-After-Free

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2023:4069-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4069
Issue date:        2023-07-13
CVE Names:         CVE-2023-37201 CVE-2023-37202 CVE-2023-37207 CVE-2023-37208 CVE-2023-37211
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.13.0 ESR.

Security Fix(es):

* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)
* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)
* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)
* Mozilla: Fullscreen notification obscured (CVE-2023-37207)
* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2219747 - CVE-2023-37201 Mozilla: Use-after-free in WebRTC certificate generation
2219748 - CVE-2023-37202 Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
2219749 - CVE-2023-37207 Mozilla: Fullscreen notification obscured
2219750 - CVE-2023-37208 Mozilla: Lack of warning when opening Diagcab files
2219751 - CVE-2023-37211 Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:
firefox-102.13.0-2.el8_6.src.rpm

aarch64:
firefox-102.13.0-2.el8_6.aarch64.rpm
firefox-debuginfo-102.13.0-2.el8_6.aarch64.rpm
firefox-debugsource-102.13.0-2.el8_6.aarch64.rpm

ppc64le:
firefox-102.13.0-2.el8_6.ppc64le.rpm
firefox-debuginfo-102.13.0-2.el8_6.ppc64le.rpm
firefox-debugsource-102.13.0-2.el8_6.ppc64le.rpm

s390x:
firefox-102.13.0-2.el8_6.s390x.rpm
firefox-debuginfo-102.13.0-2.el8_6.s390x.rpm
firefox-debugsource-102.13.0-2.el8_6.s390x.rpm

x86_64:
firefox-102.13.0-2.el8_6.x86_64.rpm
firefox-debuginfo-102.13.0-2.el8_6.x86_64.rpm
firefox-debugsource-102.13.0-2.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-37201
https://access.redhat.com/security/cve/CVE-2023-37202
https://access.redhat.com/security/cve/CVE-2023-37207
https://access.redhat.com/security/cve/CVE-2023-37208
https://access.redhat.com/security/cve/CVE-2023-37211
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.
--
RHSA-announce mailing list

A crucial security patch for Firefox on CentOS has been released, boosting safety and resolving multiple vulnerabilities.
Red Hat, Firefox Security, Linux Update, Extended Support, Important Advisory.
Severity: Important.
LinuxSecurity.com Team

Jul 13, 2023 | Important | Red Hat

Red Hat Enterprise Linux 9 Firefox Important Update RHSA-2023:1364-01 CVE-2023-25751

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2023:1364-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:1364
Issue date:        2023-03-21
CVE Names:         CVE-2023-25751 CVE-2023-25752 CVE-2023-28162 CVE-2023-28164 CVE-2023-28176
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751)
* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176)
* Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752)
* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)
* Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2178458 - CVE-2023-25751 Mozilla: Incorrect code generation during JIT compilation
2178460 - CVE-2023-25752 Mozilla: Potential out-of-bounds when accessing throttled streams
2178466 - CVE-2023-28162 Mozilla: Invalid downcast in Worklets
2178470 - CVE-2023-28164 Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
2178472 - CVE-2023-28176 Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:
firefox-102.9.0-3.el9_0.src.rpm

aarch64:
firefox-102.9.0-3.el9_0.aarch64.rpm
firefox-debuginfo-102.9.0-3.el9_0.aarch64.rpm
firefox-debugsource-102.9.0-3.el9_0.aarch64.rpm

ppc64le:
firefox-102.9.0-3.el9_0.ppc64le.rpm
firefox-debuginfo-102.9.0-3.el9_0.ppc64le.rpm
firefox-debugsource-102.9.0-3.el9_0.ppc64le.rpm

s390x:
firefox-102.9.0-3.el9_0.s390x.rpm
firefox-debuginfo-102.9.0-3.el9_0.s390x.rpm
firefox-debugsource-102.9.0-3.el9_0.s390x.rpm

x86_64:
firefox-102.9.0-3.el9_0.x86_64.rpm
firefox-debuginfo-102.9.0-3.el9_0.x86_64.rpm
firefox-debugsource-102.9.0-3.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2023-25751
https://access.redhat.com/security/cve/CVE-2023-25752
https://access.redhat.com/security/cve/CVE-2023-28162
https://access.redhat.com/security/cve/CVE-2023-28164
https://access.redhat.com/security/cve/CVE-2023-28176
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2023 Red Hat, Inc.

Stay informed on crucial updates for Firefox on Red Hat Enterprise Linux 9, enhancing security and performance.
Red Hat Update, Firefox Security Update, Security Advisory, Linux Administration.
Severity: Important.
LinuxSecurity.com Team

Mar 23, 2023 | Important | Red Hat

Red Hat 8: Firefox Important Sec Update DoS RHSA-2022:6702-01

An update for firefox is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2022:6702-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6702
Issue date:        2022-09-26
CVE Names:         CVE-2022-40956 CVE-2022-40957 CVE-2022-40958 CVE-2022-40959 CVE-2022-40960 CVE-2022-40962
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* Mozilla: Bypassing FeaturePolicy restrictions on transient pages (CVE-2022-40959)
* Mozilla: Data-race when parsing non-UTF-8 URLs in threads (CVE-2022-40960)
* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3 (CVE-2022-40962)
* Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix (CVE-2022-40958)
* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)
* Mozilla: Incoherent instruction cache when building WASM on ARM64 (CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2128792 - CVE-2022-40959 Mozilla: Bypassing FeaturePolicy restrictions on transient pages
2128793 - CVE-2022-40960 Mozilla: Data-race when parsing non-UTF-8 URLs in threads
2128794 - CVE-2022-40958 Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix
2128795 - CVE-2022-40956 Mozilla: Content-Security-Policy base-uri bypass
2128796 - CVE-2022-40957 Mozilla: Incoherent instruction cache when building WASM on ARM64
2128797 - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
firefox-102.3.0-6.el8_6.src.rpm

aarch64:
firefox-102.3.0-6.el8_6.aarch64.rpm
firefox-debuginfo-102.3.0-6.el8_6.aarch64.rpm
firefox-debugsource-102.3.0-6.el8_6.aarch64.rpm

ppc64le:
firefox-102.3.0-6.el8_6.ppc64le.rpm
firefox-debuginfo-102.3.0-6.el8_6.ppc64le.rpm
firefox-debugsource-102.3.0-6.el8_6.ppc64le.rpm

s390x:
firefox-102.3.0-6.el8_6.s390x.rpm
firefox-debuginfo-102.3.0-6.el8_6.s390x.rpm
firefox-debugsource-102.3.0-6.el8_6.s390x.rpm

x86_64:
firefox-102.3.0-6.el8_6.x86_64.rpm
firefox-debuginfo-102.3.0-6.el8_6.x86_64.rpm
firefox-debugsource-102.3.0-6.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key

7. References:

https://access.redhat.com/security/cve/CVE-2022-40956
https://access.redhat.com/security/cve/CVE-2022-40957
https://access.redhat.com/security/cve/CVE-2022-40958
https://access.redhat.com/security/cve/CVE-2022-40959
https://access.redhat.com/security/cve/CVE-2022-40960
https://access.redhat.com/security/cve/CVE-2022-40962
https://access.redhat.com/security/updates/classification#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact

Copyright 2022 Red Hat, Inc.

Important Firefox security update available for Red Hat Enterprise Linux 8. Immediate action recommended for vulnerabilities.
Red Hat Security, Firefox Update, Security Impact, Linux AppStream.
Severity: Important.
LinuxSecurity.com Team

Sep 26, 2022 | Important | Red Hat

Red Hat: RHSA-2022-6176-01 Important: Firefox Security Update

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,.

====================================================================
Red Hat Security Advisory

Synopsis:          Important: firefox security update
Advisory ID:       RHSA-2022:6176-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6176
Issue date:        2022-08-24
CVE Names:         CVE-2022-38472 CVE-2022-38473 CVE-2022-38476 CVE-2022-38477 CVE-2022-38478
====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 91.13.0 ESR.

Security Fix(es):

* Mozilla: Address bar spoofing via XSLT error handling (CVE-2022-38472)
* Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions (CVE-2022-38473)
* Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2 (CVE-2022-38477)
* Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13 (CVE-2022-38478)
* Mozilla: Data race and potential use-after-free in PK11_ChangePW (CVE-2022-38476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2120673 - CVE-2022-38472 Mozilla: Address bar spoofing via XSLT error handling
2120674 - CVE-2022-38473 Mozilla: Cross-origin XSLT Documents would have inherited the parent's permissions
2120678 - CVE-2022-38476 Mozilla: Data race and potential use-after-free in PK11_ChangePW
2120695 - CVE-2022-38477 Mozilla: Memory safety bugs fixed in Firefox 104 and Firefox ESR 102.2
2120696 - CVE-2022-38478 Mozilla: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.4):

Source:
firefox-91.13.0-1.el8_4.src.rpm

aarch64:
firefox-91.13.0-1.el8_4.aarch64.rpm
firefox-debuginfo-91.13.0-1.el8_4.aarch64.rpm
firefox-debugsource-91.13.0-1.el8_4.aarch64.rpm

ppc64le:
firefox-91.13.0-1.el8_4.ppc64le.rpm
firefox-debuginfo-91.13.0-1.el8_4.ppc64le.rpm
firefox-debugsource-91.13.0-1.el8_4.ppc64le.rpm

s390x:
firefox-91.13.0-1.el8_4.s390x.rpm
firefox-debuginfo-91.13.0-1.el8_4.s390x.rpm
firefox-debugsource-91.13.0-1.el8_4.s390x.rpm

x86_64:
firefox-91.13.0-1.el8_4.x86_64.rpm
firefox-debuginfo-91.13.0-1.el8_4.x86_64.rpm
firefox-debugsource-91.13.0-1.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-38472
https://access.redhat.com/security/cve/CVE-2022-38473
https://access.redhat.com/security/cve/CVE-2022-38476
https://access.redhat.com/security/cve/CVE-2022-38477
https://access.redhat.com/security/cve/CVE-2022-38478
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

A significant Firefox security patch for Red Hat Enterprise Linux tackles various vulnerabilities and reinforces defenses.
FireFox Security, Red Hat Security, Linux Update, Security Issues, Enterprise Linux.
Severity: Important.
LinuxSecurity.com Team

Aug 24, 2022 | Important | Red Hat

Gentoo: GLSA-201811-04 Normal: Firefox Arbitrary Code Execution Threat

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201811-04
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: Mozilla Firefox: Multiple vulnerabilities
Date: November 09, 2018
Bugs: #669430
ID: 201811-04

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which may allow execution of arbitrary code.

Background
=========

Mozilla Firefox is a popular open-source web browser from the Mozilla Project.

Affected packages
================

    -------------------------------------------------------------------
     Package                  /  Vulnerable  /  Unaffected
    -------------------------------------------------------------------
  1  www-client/firefox          < 60.3.0       >= 60.3.0
  2  www-client/firefox-bin      < 60.3.0       >= 60.3.0
    -------------------------------------------------------------------
     2 affected packages

Description
==========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Impact
=====

A remote attacker could entice a user to view a specially crafted web page, possibly resulting in the execution of arbitrary code with the privileges of the process, cause a Denial of Service condition, bypass access restriction, access otherwise protected information.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-60.3.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-60.3.0"

References
=========

[ 1 ] CVE-2018-12389
      https://nvd.nist.gov/vuln/detail/CVE-2018-12389
[ 2 ] CVE-2018-12390
      https://nvd.nist.gov/vuln/detail/CVE-2018-12390
[ 3 ] CVE-2018-12392
      https://nvd.nist.gov/vuln/detail/CVE-2018-12392
[ 4 ] CVE-2018-12393
      https://nvd.nist.gov/vuln/detail/CVE-2018-12393
[ 5 ] CVE-2018-12395
      https://nvd.nist.gov/vuln/detail/CVE-2018-12395
[ 6 ] CVE-2018-12396
      https://nvd.nist.gov/vuln/detail/CVE-2018-12396
[ 7 ] CVE-2018-12397
      https://nvd.nist.gov/vuln/detail/CVE-2018-12397
[ 8 ] Mozilla Foundation Security Advisory 2018-27
      https://www.mozilla.org/en-US/security/advisories/mfsa2018-27/

Availability
===========

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201811-04

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to or alternatively, you may file a bug at https://bugs.gentoo.org.

License
======

Copyright 2018 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Numerous security flaws in Google Chrome may permit unauthorized code execution; update to version 70.0.3538.77 or above.
Gentoo Security Advisory, Firefox Code Risks, Mozilla Firefox Update, Vulnerability Management.
LinuxSecurity.com Team

Nov 09, 2018 | Gentoo

Fedora 21: FEDORA-2015-5702 Critical: Firefox 37.0.1 Security Issue

New upstream version - 37.0.1.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-5702
2015-04-08 03:24:32
--------------------------------------------------------------------------------

Name        : firefox
Product     : Fedora 21
Version     : 37.0.1
Release     : 1.fc21
URL         :
Summary     : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

--------------------------------------------------------------------------------
Update Information:

New upstream version - 37.0.1
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 7 2015 Martin Stransky - 37.0.1-1
- Update to 37.0.1
* Mon Apr 6 2015 Tom Callaway - 37.0-4
- rebuild for libvpx 1.4.0
* Tue Mar 31 2015 Marcin Juszkiewicz - 37.0-3
- Fix build on AArch64 (based on upstream skia changes)
* Fri Mar 27 2015 Martin Stransky - 37.0-2
- Added tooltip patch (mozbz#1144643)
* Fri Mar 27 2015 Martin Stransky - 37.0-1
- Update to 37.0 Build 2
* Thu Mar 26 2015 Richard Hughes - 36.0.4-2
- Add an AppData file for the software center
* Sat Mar 21 2015 Martin Stransky - 36.0.4-1
- Update to 36.0.4
* Fri Mar 20 2015 Martin Stransky - 36.0.3-1
- Update to 36.0.3
* Tue Mar 17 2015 Martin Stransky - 36.0.1-6
- Fixed rhbz#1201527 - [GTK3] Scrollbars in Firefox are not consistent with the rest of the desktop
* Tue Mar 10 2015 Martin Stransky - 36.0.1-5
- Arm build fix
* Mon Mar 9 2015 Jan Horak - 36.0.1-1
- Update to 36.0.1
* Fri Mar 6 2015 Martin Stransky - 36.0-4
- ppc64le build fix
* Thu Mar 5 2015 Martin Stransky - 36.0-3
- Added back the removed "-remote" option
- Fixed rhbz#1198965 - mozilla-xremote-client has been removed, langpack installation may be broken
* Tue Mar 3 2015 Martin Stransky - 36.0-2
- Enable Skia for all arches (rhbz#1197007)
* Fri Feb 20 2015 Jan Horak - 36.0-1
- Update to 36.0
* Mon Feb 9 2015 Martin Stransky - 35.0.1-5
- Fixed rhbz#1190774 - update usear agent string for Fedora
* Wed Feb 4 2015 Petr Machata - 35.0.1-4
- Bump for rebuild.
* Tue Jan 27 2015 Martin Stransky - 35.0.1-3
- Backed out the flash click-to-play setup
* Mon Jan 26 2015 David Tardon - 35.0.1-2
- rebuild for ICU 54.1
* Fri Jan 23 2015 Martin Stransky - 35.0.1-1
- New upstream version
* Thu Jan 22 2015 Martin Stransky - 35.0-7
- Updated hiDPI patch to upstream version (mozbz#975919)
* Thu Jan 22 2015 Martin Stransky - 35.0-6
- Disabled flash by default because of 0day live flash exploit (see https://isc.sans.edu/diary/Flash+0-Day+Exploit+Used+by+Angler+Exploit+Kit/19213)
* Mon Jan 19 2015 Martin Stransky - 35.0-5
- Enable release build config
- Gtk3 - added patch for HiDPI support (mozbz#975919)
* Mon Jan 19 2015 Martin Stransky - 35.0-4
- Gtk3 - fixed tabs rendering
* Wed Jan 14 2015 Martin Stransky - 35.0-3
- Gtk3 - replaced obsoleted focus properties
- Make start.fedoraproject.org the homepage
* Mon Jan 12 2015 Martin Stransky - 35.0-2
- Update to 35.0 Build 3
- Gtk3 - added fix for button/entry box sizes
- Gtk3 - added fix for button/entry focus sizes
- Spec clean-up (by )
* Tue Jan 6 2015 Martin Stransky - 35.0-1
- Update to 35.0 Build 1
* Mon Jan 5 2015 Martin Stransky - 34.0-12
- Fixed rhbz#1014858 - GLib-CRITICAL **: g_slice_set_config: assertion `sys_page_size == 0' failed
* Fri Jan 2 2015 Martin Stransky - 34.0-11
- Build with system jpeg on rawhide
- Updated ATK patch for gtk3
* Tue Dec 23 2014 Martin Stransky - 34.0-9
- Added fix for rhbz#1173156 - Native NTLM authentication on Linux unsupported
- Added fix for rhbz#1170109 - data corruption bug on armhfp
* Sat Dec 13 2014 Martin Stransky - 34.0-8
- Gtk3 - Workaround for Firefox freeze when accessibility is enabled
* Fri Dec 12 2014 Martin Stransky - 34.0-7
- Added fix for mozbz#1097592 - Firefox freeze in Gtk3
* Thu Dec 11 2014 Martin Stransky - 34.0-6
- Disabled Gtk3 on Fedora 21 and earlier(rhbz#1172926)
* Wed Dec 10 2014 Martin Stransky - 34.0-5
- Disabled flash plugin instllation pop-up (mozbz#1108645)
* Mon Dec 8 2014 Jiri Vanek - 34.0-4
- added and applied patch218, java-plugin-url.patch
- fixed url for java plugin installation guide
- resolves rhbz#979985
* Mon Dec 8 2014 Martin Stransky - 34.0-3
- Gtk3 flash plugin fix (rhbz#1171457)
- Gtk3 theme fixes
* Wed Dec 3 2014 Jan Horak - 34.0-2
- Fix for mozbz#1097550 - wrong default dictionary
* Mon Dec 1 2014 Martin Stransky - 34.0-1
- Update to 34.0 build 2
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update firefox' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

The latest Firefox security update on Fedora 21 targets critical vulnerabilities and boosts performance, enhancing overall browser safety and user experience.
Firefox security update, Fedora web browser, Mozilla Firefox fix.
Severity: Critical.
LinuxSecurity.com Team

Apr 09, 2015 Critical Fedora

Fedora Core 2: FEDORA-2005-271 Moderate: Mozilla 1.7.6 Web Browser Update

This update supersedes the previous 1.7.6-1.2.2 which mistakenly had dependencies on FC3.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-271
2005-03-28
---------------------------------------------------------------------

Product     : Fedora Core 2
Name        : mozilla
Version     : 1.7.6
Release     : 1.2.5
Summary     : Web browser and mail reader
Description :
Mozilla is an open-source web browser, designed for standards compliance, performance and portability.

---------------------------------------------------------------------
Update Information:

This update supersedes the previous 1.7.6-1.2.2 which mistakenly had dependencies on FC3.
---------------------------------------------------------------------
* Sun Mar 27 2005 Warren Togami 37:1.7.6-1.2.5
- reduce desktop-file-utils version dep (#152220)
- remove update-desktop-database from scriptlets
- fix gtk system colors
---------------------------------------------------------------------
This update can be downloaded from:

This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
fedora-announce-list mailing list
Notice for Fedora Core 2 pertaining to the release of Mozilla 1.7.6-1.2.5, correcting earlier dependency links mistakenly attributed to FC3. LinuxSecurity.com Team

Mar 29, 2005 Fedora