AVG-2511 log

Package firefox
Status Fixed
Severity High
Type multiple issues
Affected 93.0-1
Fixed 94.0-1
Current 131.0.2-1 [extra]
Ticket None
Created Tue Nov 2 13:20:20 2021
Issue Severity Remote Type Description
CVE-2021-38509 Medium Yes Content spoofing
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. Due to an unusual sequence of attacker-controlled events,...
CVE-2021-38508 Medium Yes Content spoofing
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. By displaying a form validity message in the correct...
CVE-2021-38507 High Yes Same-origin policy bypass
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The Opportunistic Encryption feature of HTTP2 (RFC 8164)...
CVE-2021-38506 High Yes Content spoofing
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. Through a series of navigations, Firefox and Thunderbird...
CVE-2021-38504 High Yes Arbitrary code execution
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. When interacting with an HTML input element's file picker...
CVE-2021-38503 High Yes Sandbox escape
A security issue has been found in Firefox before version 94 and Thunderbird before version 91.3. The iframe sandbox rules were not correctly applied to...
Date Advisory Package Type
05 Nov 2021 ASA-202111-2 firefox multiple issues
References
https://www.mozilla.org/en-US/security/advisories/mfsa2021-48/
Notes
There are five further security issues with pending CVE assignments in the advisory (MOZ-2021-0004, MOZ-2021-0005, MOZ-2021-0006, MOZ-2021-0007).