[gentoo-announce] [ GLSA 202202-03 ] Mozilla Firefox: Multiple vulnerabilities

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Gentoo Linux Security Advisory GLSA 202202-03 – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – security.gentoo.org/ – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Severity: High Title: Mozilla Firefox: Multiple vulnerabilities Date: February 21, 2022 Bugs: #802768, #807947, #813498, #821385, #828538, #831039, #832992 ID: 202202-03
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Synopsis ========
Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.
Background ==========
Mozilla Firefox is a popular open-source web browser from the Mozilla project.
Affected packages =================
——————————————————————- Package / Vulnerable / Unaffected ——————————————————————- 1 www-client/firefox < 91.6.0 >= 91.6.0:esr >= 97.0:rapid 2 www-client/firefox-bin < 91.6.0 >= 91.6.0:esr >= 97.0:rapid
Description ===========
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.
Impact ======
Please review the referenced CVE identifiers for details.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All Mozilla Firefox ESR users should upgrade to the latest version:
# emerge –sync # emerge –ask –oneshot –verbose “>=www-client/firefox-91.6.0:esr”
All Mozilla Firefox ESR binary users should upgrade to the latest version:
# emerge –sync # emerge –ask –oneshot –verbose “>=www-client/firefox-bin-91.6.0:esr”
All Mozilla Firefox users should upgrade to the latest version:
# emerge –sync # emerge –ask –oneshot –verbose “>=www-client/firefox-97.0:rapid”
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge –sync # emerge –ask –oneshot –verbose “>=www-client/firefox-bin-97.0:rapid”
References ==========
[ 1 ] CVE-2021-29970 nvd.nist.gov/vuln/detail/CVE-2021-29970 [ 2 ] CVE-2021-29972 nvd.nist.gov/vuln/detail/CVE-2021-29972 [ 3 ] CVE-2021-29974 nvd.nist.gov/vuln/detail/CVE-2021-29974 [ 4 ] CVE-2021-29975 nvd.nist.gov/vuln/detail/CVE-2021-29975 [ 5 ] CVE-2021-29976 nvd.nist.gov/vuln/detail/CVE-2021-29976 [ 6 ] CVE-2021-29977 nvd.nist.gov/vuln/detail/CVE-2021-29977 [ 7 ] CVE-2021-29980 nvd.nist.gov/vuln/detail/CVE-2021-29980 [ 8 ] CVE-2021-29981 nvd.nist.gov/vuln/detail/CVE-2021-29981 [ 9 ] CVE-2021-29982 nvd.nist.gov/vuln/detail/CVE-2021-29982 [ 10 ] CVE-2021-29984 nvd.nist.gov/vuln/detail/CVE-2021-29984 [ 11 ] CVE-2021-29985 nvd.nist.gov/vuln/detail/CVE-2021-29985 [ 12 ] CVE-2021-29986 nvd.nist.gov/vuln/detail/CVE-2021-29986 [ 13 ] CVE-2021-29987 nvd.nist.gov/vuln/detail/CVE-2021-29987 [ 14 ] CVE-2021-29988 nvd.nist.gov/vuln/detail/CVE-2021-29988 [ 15 ] CVE-2021-29989 nvd.nist.gov/vuln/detail/CVE-2021-29989 [ 16 ] CVE-2021-29990 nvd.nist.gov/vuln/detail/CVE-2021-29990 [ 17 ] CVE-2021-30547 nvd.nist.gov/vuln/detail/CVE-2021-30547 [ 18 ] CVE-2021-38491 nvd.nist.gov/vuln/detail/CVE-2021-38491 [ 19 ] CVE-2021-38493 nvd.nist.gov/vuln/detail/CVE-2021-38493 [ 20 ] CVE-2021-38495 nvd.nist.gov/vuln/detail/CVE-2021-38495 [ 21 ] CVE-2021-38503 nvd.nist.gov/vuln/detail/CVE-2021-38503 [ 22 ] CVE-2021-38504 nvd.nist.gov/vuln/detail/CVE-2021-38504 [ 23 ] CVE-2021-38506 nvd.nist.gov/vuln/detail/CVE-2021-38506 [ 24 ] CVE-2021-38507 nvd.nist.gov/vuln/detail/CVE-2021-38507 [ 25 ] CVE-2021-38508 nvd.nist.gov/vuln/detail/CVE-2021-38508 [ 26 ] CVE-2021-38509 nvd.nist.gov/vuln/detail/CVE-2021-38509 [ 27 ] CVE-2021-4129 nvd.nist.gov/vuln/detail/CVE-2021-4129 [ 28 ] CVE-2021-4140 nvd.nist.gov/vuln/detail/CVE-2021-4140 [ 29 ] CVE-2021-43536 nvd.nist.gov/vuln/detail/CVE-2021-43536 [ 30 ] CVE-2021-43537 nvd.nist.gov/vuln/detail/CVE-2021-43537 [ 31 ] CVE-2021-43538 nvd.nist.gov/vuln/detail/CVE-2021-43538 [ 32 ] CVE-2021-43539 nvd.nist.gov/vuln/detail/CVE-2021-43539 [ 33 ] CVE-2021-43540 nvd.nist.gov/vuln/detail/CVE-2021-43540 [ 34 ] CVE-2021-43541 nvd.nist.gov/vuln/detail/CVE-2021-43541 [ 35 ] CVE-2021-43542 nvd.nist.gov/vuln/detail/CVE-2021-43542 [ 36 ] CVE-2021-43543 nvd.nist.gov/vuln/detail/CVE-2021-43543 [ 37 ] CVE-2021-43545 nvd.nist.gov/vuln/detail/CVE-2021-43545 [ 38 ] CVE-2021-43546 nvd.nist.gov/vuln/detail/CVE-2021-43546 [ 39 ] CVE-2022-0511 nvd.nist.gov/vuln/detail/CVE-2022-0511 [ 40 ] CVE-2022-22737 nvd.nist.gov/vuln/detail/CVE-2022-22737 [ 41 ] CVE-2022-22738 nvd.nist.gov/vuln/detail/CVE-2022-22738 [ 42 ] CVE-2022-22739 nvd.nist.gov/vuln/detail/CVE-2022-22739 [ 43 ] CVE-2022-22740 nvd.nist.gov/vuln/detail/CVE-2022-22740 [ 44 ] CVE-2022-22741 nvd.nist.gov/vuln/detail/CVE-2022-22741 [ 45 ] CVE-2022-22742 nvd.nist.gov/vuln/detail/CVE-2022-22742 [ 46 ] CVE-2022-22743 nvd.nist.gov/vuln/detail/CVE-2022-22743 [ 47 ] CVE-2022-22745 nvd.nist.gov/vuln/detail/CVE-2022-22745 [ 48 ] CVE-2022-22747 nvd.nist.gov/vuln/detail/CVE-2022-22747 [ 49 ] CVE-2022-22748 nvd.nist.gov/vuln/detail/CVE-2022-22748 [ 50 ] CVE-2022-22751 nvd.nist.gov/vuln/detail/CVE-2022-22751 [ 51 ] CVE-2022-22753 nvd.nist.gov/vuln/detail/CVE-2022-22753 [ 52 ] CVE-2022-22754 nvd.nist.gov/vuln/detail/CVE-2022-22754 [ 53 ] CVE-2022-22755 nvd.nist.gov/vuln/detail/CVE-2022-22755 [ 54 ] CVE-2022-22756 nvd.nist.gov/vuln/detail/CVE-2022-22756 [ 55 ] CVE-2022-22757 nvd.nist.gov/vuln/detail/CVE-2022-22757 [ 56 ] CVE-2022-22758 nvd.nist.gov/vuln/detail/CVE-2022-22758 [ 57 ] CVE-2022-22759 nvd.nist.gov/vuln/detail/CVE-2022-22759 [ 58 ] CVE-2022-22760 nvd.nist.gov/vuln/detail/CVE-2022-22760 [ 59 ] CVE-2022-22761 nvd.nist.gov/vuln/detail/CVE-2022-22761 [ 60 ] CVE-2022-22762 nvd.nist.gov/vuln/detail/CVE-2022-22762 [ 61 ] CVE-2022-22763 nvd.nist.gov/vuln/detail/CVE-2022-22763 [ 62 ] CVE-2022-22764 nvd.nist.gov/vuln/detail/CVE-2022-22764 [ 63 ] MOZ-2021-0004 [ 64 ] MOZ-2021-0005 [ 65 ] MOZ-2021-0006 [ 66 ] MOZ-2021-0007 [ 67 ] MOZ-2021-0008
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
security.gentoo.org/glsa/202202-03
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users’ machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at bugs.gentoo.org.
License =======
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons – Attribution / Share Alike license.
creativecommons.org/licenses/by-sa/2.5