Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 842438 (CVE-2022-29910, CVE-2022-29915, CVE-2022-29918) - <www-client/firefox{-bin,}-{91.9.0,100.0}: multiple vulnerabilities
Summary: <www-client/firefox{-bin,}-{91.9.0,100.0}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-29910, CVE-2022-29915, CVE-2022-29918
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+]
Keywords:
Depends on: 842651
Blocks: CVE-2022-1196, CVE-2022-24713, CVE-2022-28281, CVE-2022-28282, CVE-2022-28285, CVE-2022-28286, CVE-2022-28289, CVE-2022-29909, CVE-2022-29911, CVE-2022-29912, CVE-2022-29914, CVE-2022-29916, CVE-2022-29917
  Show dependency tree
 
Reported: 2022-05-03 13:58 UTC by John Helmert III
Modified: 2022-08-10 04:22 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-03 13:58:46 UTC
ESR advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2022-17/
Rapid advisory: https://www.mozilla.org/en-US/security/advisories/mfsa2022-16/

As usual, these contains memory handling issues which are presumed to
be exploitable to run arbitrary code. Waiting on firefox-100 bump.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-05-10 16:05:01 UTC
Thanks, please cleanup!
Comment 2 Larry the Git Cow gentoo-dev 2022-05-16 06:25:35 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=521a8cae42cebe2829446aa7781cfea951d25e08

commit 521a8cae42cebe2829446aa7781cfea951d25e08
Author:     Joonas Niilola <juippis@gentoo.org>
AuthorDate: 2022-05-16 06:24:15 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2022-05-16 06:24:15 +0000

    www-client/firefox: drop 91.8.0, 99.0.1
    
    Bug: https://bugs.gentoo.org/842438
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/firefox/Manifest              |  197 -----
 www-client/firefox/firefox-91.8.0.ebuild | 1250 -----------------------------
 www-client/firefox/firefox-99.0.1.ebuild | 1264 ------------------------------
 3 files changed, 2711 deletions(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-08-10 04:18:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=28683764d95cb78c056bdf67f3245ad0eb5c6bbe

commit 28683764d95cb78c056bdf67f3245ad0eb5c6bbe
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:06:48 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:28 +0000

    [ GLSA 202208-08 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/834631
    Bug: https://bugs.gentoo.org/834804
    Bug: https://bugs.gentoo.org/836866
    Bug: https://bugs.gentoo.org/842438
    Bug: https://bugs.gentoo.org/846593
    Bug: https://bugs.gentoo.org/849044
    Bug: https://bugs.gentoo.org/857045
    Bug: https://bugs.gentoo.org/861515
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-08.xml | 147 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 147 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-10 04:22:58 UTC
GLSA released, all done!