Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 834631 - <www-client/firefox{-bin,}-{91.6.1,97.0.2}: code execution and sandbox escape (actively exploited)
Summary: <www-client/firefox{-bin,}-{91.6.1,97.0.2}: code execution and sandbox escape...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://www.mozilla.org/en-US/securit...
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 834649
Blocks: CVE-2022-26485, CVE-2022-26486
  Show dependency tree
 
Reported: 2022-03-05 17:28 UTC by John Helmert III
Modified: 2022-08-10 04:28 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-05 17:28:27 UTC
CVE-2022-26485:

Removing an XSLT parameter during processing could have lead to an
exploitable use-after-free. We have had reports of attacks in the wild
abusing this flaw.

CVE-2022-26486:

An unexpected message in the WebGPU IPC framework could lead to a
use-after-free and exploitable sandbox escape. We have had reports of
attacks in the wild abusing this flaw.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-05 17:29:13 UTC
Please stabilize ASAP, if we're able.
Comment 3 Larry the Git Cow gentoo-dev 2022-08-10 04:18:54 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=28683764d95cb78c056bdf67f3245ad0eb5c6bbe

commit 28683764d95cb78c056bdf67f3245ad0eb5c6bbe
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:06:48 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:28 +0000

    [ GLSA 202208-08 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/834631
    Bug: https://bugs.gentoo.org/834804
    Bug: https://bugs.gentoo.org/836866
    Bug: https://bugs.gentoo.org/842438
    Bug: https://bugs.gentoo.org/846593
    Bug: https://bugs.gentoo.org/849044
    Bug: https://bugs.gentoo.org/857045
    Bug: https://bugs.gentoo.org/861515
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-08.xml | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 147 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 04:28:23 UTC
GLSA released, all done!