Synopsis: Important: firefox security update Advisory ID: SLSA-2022:1703-1 Issue Date: 2022-05-04 CVE Numbers: CVE-2022-29914 CVE-2022-29909 CVE-2022-29916 CVE-2022-29911 CVE-2022-29912 CVE-2022-29917 -- This update upgrades Firefox to version 91.9.0 ESR. Security Fix(es): * Mozilla: Bypassing permission prompt in nested browsing contexts (CVE-2022-29909) * Mozilla: iframe Sandbox bypass (CVE-2022-29911) * Mozilla: Fullscreen notification bypass using popups (CVE-2022-29914) * Mozilla: Leaking browser history with CSS variables (CVE-2022-29916) * Mozilla: Memory safety bugs fixed in Firefox 100 and Firefox ESR 91.9 (CVE-2022-29917) * Mozilla: Reader mode bypassed SameSite cookies (CVE-2022-29912) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 firefox-91.9.0-1.el7_9.x86_64.rpm firefox-debuginfo-91.9.0-1.el7_9.x86_64.rpm firefox-91.9.0-1.el7_9.i686.rpm - Scientific Linux Development Team