CESA-2021:5014 -- centos 7 firefox
ID: oval:org.secpod.oval:def:205924 | Date: (C)2021-12-22 (M)2024-02-08 | Class: PATCH | Family: unix
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 91.4.0 ESR.

Security Fix:
* Mozilla: Memory safety bugs fixed in Firefox 95 and Firefox ESR 91.4
* Mozilla: URL leakage when navigating while executing asynchronous function
* Mozilla: Heap buffer overflow when using structured clone
* Mozilla: Missing fullscreen and pointer lock notification when requesting both
* Mozilla: GC rooting failure when calling wasm instance methods
* Mozilla: External protocol handler parameters were unescaped
* Mozilla: XMLHttpRequest error codes could have leaked the existence of an external protocol handler
* Mozilla: Bypass of CSP sandbox directive when embedding
* Mozilla: Denial of Service when using the Location API in a loop
* Mozilla: Cursor spoofing could overlay user interface when native cursor is zoomed

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.