[ GLSA 202202-03 ] Mozilla Firefox

Message

GLSA · Post by **GLSA** » Mon Feb 21, 2022 11:26 pm

Gentoo Linux Security Advisory

Title: Mozilla Firefox: Multiple vulnerabilities ([glsa=202202-03]GLSA 202202-03[/glsa])
Severity: high
Exploitable: remote
Date: 2022-02-21
Bug(s): #802768, #807947, #813498, #821385, #828538, #831039, #832992
ID: 202202-03

Synopsis

Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could result in the arbitrary execution of code.

Background

Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Affected Packages

Package: www-client/firefox
Vulnerable: < 97.0
Unaffected: >= 91.6.0
Unaffected: >= 97.0
Architectures: All supported architectures

Package: www-client/firefox-bin
Vulnerable: < 97.0
Unaffected: >= 91.6.0
Unaffected: >= 97.0
Architectures: All supported architectures

Description

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Mozilla Firefox ESR users should upgrade to the latest version:

Code: Select all

# emerge --sync
              # emerge --ask --oneshot --verbose ">=www-client/firefox-91.6.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest version:

Code: Select all

# emerge --sync
              # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-91.6.0:esr"

All Mozilla Firefox users should upgrade to the latest version:

Code: Select all

# emerge --sync
              # emerge --ask --oneshot --verbose ">=www-client/firefox-97.0:rapid"

All Mozilla Firefox binary users should upgrade to the latest version:

Code: Select all

# emerge --sync
              # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-97.0:rapid"

References

CVE-2021-29970
CVE-2021-29972
CVE-2021-29974
CVE-2021-29975
CVE-2021-29976
CVE-2021-29977
CVE-2021-29980
CVE-2021-29981
CVE-2021-29982
CVE-2021-29984
CVE-2021-29985
CVE-2021-29986
CVE-2021-29987
CVE-2021-29988
CVE-2021-29989
CVE-2021-29990
CVE-2021-30547
CVE-2021-38491
CVE-2021-38493
CVE-2021-38495
CVE-2021-38503
CVE-2021-38504
CVE-2021-38506
CVE-2021-38507
CVE-2021-38508
CVE-2021-38509
CVE-2021-4129
CVE-2021-4140
CVE-2021-43536
CVE-2021-43537
CVE-2021-43538
CVE-2021-43539
CVE-2021-43540
CVE-2021-43541
CVE-2021-43542
CVE-2021-43543
CVE-2021-43545
CVE-2021-43546
CVE-2022-0511
CVE-2022-22737
CVE-2022-22738
CVE-2022-22739
CVE-2022-22740
CVE-2022-22741
CVE-2022-22742
CVE-2022-22743
CVE-2022-22745
CVE-2022-22747
CVE-2022-22748
CVE-2022-22751
CVE-2022-22753
CVE-2022-22754
CVE-2022-22755
CVE-2022-22756
CVE-2022-22757
CVE-2022-22758
CVE-2022-22759
CVE-2022-22760
CVE-2022-22761
CVE-2022-22762
CVE-2022-22763
CVE-2022-22764
MOZ-2021-0004
MOZ-2021-0005
MOZ-2021-0006
MOZ-2021-0007
MOZ-2021-0008