{"id":"ALSA-2022:0510","summary":"Important: firefox security update","details":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 91.6.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Extensions could have bypassed permission confirmation during update (CVE-2022-22754)\n\n* Mozilla: Memory safety bugs fixed in Firefox 97 and Firefox ESR 91.6 (CVE-2022-22764)\n\n* Mozilla: Drag and dropping an image could have resulted in the dropped object being an executable (CVE-2022-22756)\n\n* Mozilla: Sandboxed iframes could have executed script if the parent appended elements (CVE-2022-22759)\n\n* Mozilla: Cross-Origin responses could be distinguished between script and non-script content-types (CVE-2022-22760)\n\n* Mozilla: frame-ancestors Content Security Policy directive was not enforced for framed extension pages (CVE-2022-22761)\n\n* Mozilla: Script Execution during invalid object state (CVE-2022-22763)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-04T04:14:49.948645Z","published":"2022-02-14T08:13:38Z","related":["CVE-2022-22754","CVE-2022-22756","CVE-2022-22759","CVE-2022-22760","CVE-2022-22761","CVE-2022-22763","CVE-2022-22764"],"references":[{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22754"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22756"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22759"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22760"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22761"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22763"},{"type":"REPORT","url":"https://vulners.com/cve/CVE-2022-22764"}],"affected":[{"package":{"name":"firefox","ecosystem":"AlmaLinux:8","purl":"pkg:rpm/almalinux/firefox"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"91.6.0-1.el8_5.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:0510.json"}}],"schema_version":"1.7.3"}