CESA-2021:4116 -- centos 7 firefoxID: oval:org.secpod.oval:def:205902 | Date: (C)2021-11-23 (M)2023-11-07 |
Class: PATCH | Family: unix |
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.3.0 ESR. Security Fix: * Mozilla: Use-after-free in HTTP2 Session object * Mozilla: Memory safety bugs fixed in Firefox 94 and Firefox ESR 91.3 * Mozilla: iframe sandbox rules did not apply to XSLT stylesheets * Mozilla: Use-after-free in file picker dialog * Mozilla: Firefox could be coaxed into going into fullscreen mode without notification or warning * Mozilla: Opportunistic Encryption in HTTP2 could be used to bypass the Same-Origin-Policy on services hosted on other ports * Mozilla: Permission Prompt could be overlaid, resulting in user confusion and potential spoofing * Mozilla: Javascript alert box could have been spoofed onto an arbitrary domain For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.