CESA-2022:8552 -- centos 7 firefoxID: oval:org.secpod.oval:def:205993 | Date: (C)2022-12-12 (M)2023-11-19 |
Class: PATCH | Family: unix |
Security Fix: Mozilla: Service Workers might have learned size of cross-origin media files Mozilla: Fullscreen notification bypass Mozilla: Use-after-free in InputStream implementation Mozilla: Use-after-free of a JavaScript Realm Mozilla: Fullscreen notification bypass via windowName Mozilla: Use-after-free in Garbage Collection Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5 Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy Mozilla: Cross-Site Tracing was possible via non-standard override headers Mozilla: Symlinks may resolve to partially uninitialized buffers Mozilla: Keystroke Side-Channel Leakage Mozilla: Custom mouse cursor could have been drawn over browser UI Mozilla: Iframe contents could be rendered outside the iframe For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.