Synopsis: Important: firefox security update Advisory ID: SLSA-2021:3791-1 Issue Date: 2021-10-12 CVE Numbers: CVE-2021-32810 CVE-2021-38496 CVE-2021-38497 CVE-2021-38498 CVE-2021-38500 CVE-2021-38501 -- This update upgrades Firefox to version 91.2.0 ESR. Security Fix(es): * Mozilla: Use-after-free in MessageTask (CVE-2021-38496) * Mozilla: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and Firefox ESR 91.2 (CVE-2021-38500) * Mozilla: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2 (CVE-2021-38501) * rust-crossbeam-deque: race condition may lead to double free (CVE-2021-32810) * Mozilla: Validation message could have been overlaid on another origin (CVE-2021-38497) * Mozilla: Use-after-free of nsLanguageAtomService object (CVE-2021-38498) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE --- SL7 x86_64 firefox-91.2.0-4.el7_9.i686.rpm firefox-91.2.0-4.el7_9.x86_64.rpm firefox-debuginfo-91.2.0-4.el7_9.x86_64.rpm -- - Scientific Linux Development Team