Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

当サイトはユーザー体験を改善するためのメンテナンスを実施中に機能が制限される予定です。記事を読んでもあなたの問題が解決せず質問をしたい場合は、Twitter の @FirefoxSupport、Reddit の /r/firefox で、サポートコミュニティが皆さんを助けようと待機しています。

Mozilla サポートの検索

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

詳しく学ぶ

このスレッドはアーカイブに保管されました。 必要であれば新たに質問してください。

Firefox ESR 91.12

  • 9 件の返信
  • 0 人がこの問題に困っています
  • 1 回表示
  • 最後の返信者: Mike Kaply

more options

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29.

It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12.

Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence

Thank You,

Hello, Qualys is detecting Vulnerabilites on our Firefox ESR 91.12 Versions which were patched by MFSA2022-29. It is showing Vulnerabilities because MFSA2022-30 lists CVE's for ESR 102.X and we are on 91.12. Is there anywhere I can go to get a list of all Vulnerabilities on 91.X to show our Security team, I believe CVE-2022-36314 and CVE-2022-2505 are not present in 91.12 because they are not listed in https://www.mozilla.org/en-US/security/advisories/mfsa2022-29/ but need evidence Thank You,

選ばれた解決策

CVE-2022-36314 was not fixed in Firefox 91 ESR.

See:

https://bugzilla.mozilla.org/show_bug.cgi?id=1773894#c25

ESR was not affected by CVE-2022-2505.

この回答をすべて読む 👍 0

すべての返信 (9)

more options

I can't speak for Qualys, but it looks like there is a 91.13.0esr out today. Maybe that will help?

more options

Thank you for the Reply. This doesn't help though. Is CVE-2022-36314 and CVE-2022-2505 present in ESR 91.12.

more options

As you have seen, there is no indication in the Mozilla security alerts that Firefox 91.x is affected by the local .lnk issue. The bug report linked in the alert typically is confidential. Maybe someone who reads this thread is authorized to read it (I am not).

more options

Thank you for the information on the local .lnk issue. Is there anyway to get someone who has authority to reply regarding this?

more options

Btw the Fx 91.13.0 ESR Released today is the last main update for the old Fx 91.0 ESR channel as when Fx 105.0 is Released there will only be the Fx 102.3 ESR for a supported ESR version.

more options

Thank you for the information, we did update to 91.13 and will work with the owner of the server to get ESR updated to 102.3 next month. In the meantime, I need to prove CVE-2022-36314 and CVE-2022-2505 are not present in ESR 91.12, can someone please respond with the answer to the question.

Thank You,

more options

選ばれた解決策

CVE-2022-36314 was not fixed in Firefox 91 ESR.

See:

https://bugzilla.mozilla.org/show_bug.cgi?id=1773894#c25

ESR was not affected by CVE-2022-2505.

more options

Thank you Mike! So CVE-2022-36314 is present in ESR 91.12?

more options

> Thank you Mike! So CVE-2022-36314 is present in ESR 91.12?

It was both complex and not a high severity issue and 102 ESR can be used.