Gentoo Linux Security Advisory 202209-27
Authored by Gentoo | Site security.gentoo.org
Gentoo Linux Security Advisory 202209-27 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.3.0:esr are affected.
systems | linux, gentoo
advisories | CVE-2022-40956, CVE-2022-40957, CVE-2022-40958, CVE-2022-40959, CVE-2022-40960, CVE-2022-40962
SHA-256 | da5ad64b1ca5059281d41422aedf676273506128bf27ccfc379aa4eb214fc474
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202209-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Mozilla Firefox: Multiple Vulnerabilities
Date: September 29, 2022
Bugs: #872059
ID: 202209-27
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in Mozilla Firefox, the
worst of which could result in arbitrary code execution.
Background
=========
Mozilla Firefox is a popular open-source web browser from the Mozilla
project.
Affected packages
================
-------------------------------------------------------------------
     Package              /     Vulnerable     /         Unaffected
-------------------------------------------------------------------
  1  www-client/firefox        < 102.3.0:esr        >= 102.3.0:esr
                               < 105.0:rapid        >= 105.0:rapid
  2  www-client/firefox-bin    < 102.3.0:esr        >= 102.3.0:esr
                               < 105.0:rapid        >= 105.0:rapid
Description
==========
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please
review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Mozilla Firefox ESR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-102.3.0"
All Mozilla Firefox ESR binary users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.3.0"
All Mozilla Firefox users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-105.0"
All Mozilla Firefox binary users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-105.0"
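The following is an added example, not part of the Gentoo advisory: a small shell check that classifies inventory entries against the thresholds in the Affected packages table, for triaging hosts before running the upgrade commands above. The `category/name-version:slot` input format and all function names are assumptions of this sketch, and GNU `sort -V` is used as a simplified stand-in for Portage's own version comparison.

```shell
# Thresholds are taken from the "Affected packages" table of GLSA 202209-27.
# Assumed input format: category/name-version:slot (hypothetical inventory line).

# version_lt A B: true when A sorts strictly before B (GNU sort -V ordering).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# fixed_version SLOT: first unaffected version for that slot, per the advisory.
fixed_version() {
    case "$1" in
        esr)   echo "102.3.0" ;;
        rapid) echo "105.0" ;;
        *)     return 1 ;;
    esac
}

# glsa_check ATOM: prints VULNERABLE, UNAFFECTED, NOT_COVERED or UNKNOWN_SLOT.
glsa_check() {
    atom=$1
    slot=${atom##*:}
    cpv=${atom%:*}
    case "$cpv" in
        www-client/firefox-bin-*) ver=${cpv#www-client/firefox-bin-} ;;
        www-client/firefox-*)     ver=${cpv#www-client/firefox-} ;;
        *) echo "NOT_COVERED"; return 0 ;;
    esac
    ver=${ver%-r[0-9]*}          # drop an ebuild revision suffix such as -r1
    fixed=$(fixed_version "$slot") || { echo "UNKNOWN_SLOT"; return 0; }
    if version_lt "$ver" "$fixed"; then
        echo "VULNERABLE"
    else
        echo "UNAFFECTED"
    fi
}

# Constructed inventory lines (not real host data).
scan_sample() {
    for a in \
        "www-client/firefox-102.2.0:esr" \
        "www-client/firefox-bin-102.3.0:esr" \
        "www-client/firefox-104.0.2-r1:rapid" \
        "net-misc/curl-7.85.0:0"
    do
        printf '%s %s\n' "$a" "$(glsa_check "$a")"
    done
}
scan_sample
```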
References
=========
[ 1 ] CVE-2022-40956
https://nvd.nist.gov/vuln/detail/CVE-2022-40956
[ 2 ] CVE-2022-40957
https://nvd.nist.gov/vuln/detail/CVE-2022-40957
[ 3 ] CVE-2022-40958
https://nvd.nist.gov/vuln/detail/CVE-2022-40958
[ 4 ] CVE-2022-40959
https://nvd.nist.gov/vuln/detail/CVE-2022-40959
[ 5 ] CVE-2022-40960
https://nvd.nist.gov/vuln/detail/CVE-2022-40960
[ 6 ] CVE-2022-40962
https://nvd.nist.gov/vuln/detail/CVE-2022-40962
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202209-27
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[e-mail address protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Read more https://packetstormsecurity.com/files/168580/glsa-202209-27.txt