Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 772305 (CVE-2021-23970, CVE-2021-23971, CVE-2021-23972, CVE-2021-23974, CVE-2021-23975, CVE-2021-23976, CVE-2021-23977, MFSA-2021-08) - <www-client/firefox{,-bin}-{78.8.0,86.0}: multiple vulnerabilities (MFSA-2021-08)
Summary: <www-client/firefox{,-bin}-{78.8.0,86.0}: multiple vulnerabilities (MFSA-2021...
Status: RESOLVED FIXED
Alias: CVE-2021-23970, CVE-2021-23971, CVE-2021-23972, CVE-2021-23974, CVE-2021-23975, CVE-2021-23976, CVE-2021-23977, MFSA-2021-08
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on:
Blocks: CVE-2021-23968, CVE-2021-23969, CVE-2021-23973, CVE-2021-23978
  Show dependency tree
 
Reported: 2021-02-24 00:05 UTC by John Helmert III
Modified: 2021-05-01 00:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III gentoo-dev Security 2021-02-24 00:05:51 UTC
Firefox advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2021-07/
Firefox ESR advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2021-08/

Please stabilize Firefox 78.8 and 86.0.
Comment 1 NATTkA bot gentoo-dev 2021-02-24 00:08:55 UTC Comment hidden (obsolete)
Comment 2 NATTkA bot gentoo-dev 2021-02-24 00:40:55 UTC Comment hidden (obsolete)
Comment 3 Larry the Git Cow gentoo-dev 2021-02-25 12:16:14 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9b28eff7f3cc5cd614775e82757b8d11d442ad0b

commit 9b28eff7f3cc5cd614775e82757b8d11d442ad0b
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-02-25 12:15:30 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-25 12:15:30 +0000

    www-client/firefox: stabilize 78.8.0 on x86
    
    Bug: https://bugs.gentoo.org/772305
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/firefox-78.8.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf79a1c5496da8ec5b37349956163147fbdc989b

commit cf79a1c5496da8ec5b37349956163147fbdc989b
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-02-25 12:14:52 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-25 12:14:52 +0000

    www-client/firefox: stabilize 78.8.0 on amd64
    
    Bug: https://bugs.gentoo.org/772305
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/firefox-78.8.0.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 Sam James archtester gentoo-dev Security 2021-02-26 13:58:48 UTC
arm64 done

all arches done
Comment 5 John Helmert III gentoo-dev Security 2021-02-26 16:41:59 UTC
Please cleanup.
Comment 6 Larry the Git Cow gentoo-dev 2021-02-27 12:39:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b46546305642d737cea6e25fd22e8fbc26b2efac

commit b46546305642d737cea6e25fd22e8fbc26b2efac
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-02-27 12:38:22 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-27 12:38:22 +0000

    www-client/firefox: security cleanup
    
    Bug: https://bugs.gentoo.org/772305
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest                 |  291 -------
 www-client/firefox/firefox-78.7.0.ebuild    | 1140 --------------------------
 www-client/firefox/firefox-78.7.1-r1.ebuild | 1183 ---------------------------
 www-client/firefox/firefox-85.0.2-r1.ebuild | 1173 --------------------------
 4 files changed, 3787 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64d8da3fe74769f371dc49e2308442740ef00670

commit 64d8da3fe74769f371dc49e2308442740ef00670
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2021-02-27 12:37:42 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2021-02-27 12:37:42 +0000

    www-client/firefox-bin: security cleanup
    
    Bug: https://bugs.gentoo.org/772305
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox-bin/Manifest                  | 194 -----------
 www-client/firefox-bin/firefox-bin-78.7.1.ebuild | 411 -----------------------
 www-client/firefox-bin/firefox-bin-85.0.2.ebuild | 411 -----------------------
 3 files changed, 1016 deletions(-)
Comment 7 John Helmert III gentoo-dev Security 2021-02-27 20:02:25 UTC
Thank you!
Comment 8 Thomas Deutschmann gentoo-dev Security 2021-04-30 22:42:51 UTC
New GLSA request filed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2021-05-01 00:03:10 UTC
This issue was resolved and addressed in
 GLSA 202104-10 at https://security.gentoo.org/glsa/202104-10
by GLSA coordinator Thomas Deutschmann (whissi).