Synopsis: Important: firefox security update Advisory ID: SLSA-2022:9072-1 Issue Date: 2022-12-16 CVE Numbers: CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 CVE-2022-46881 CVE-2022-46882 -- This update upgrades Firefox to version 102.6.0 ESR. Security Fix(es): * Mozilla: Arbitrary file read from a compromised content process (CVE-2022-46872) * Mozilla: Memory safety bugs fixed in Firefox ESR 102.6 and Thunderbird 102.6 (CVE-2022-46878) * Mozilla: Use-after-free in WebGL (CVE-2022-46880) * Mozilla: Memory corruption in WebGL (CVE-2022-46881) * Mozilla: Drag and Dropped Filenames could have been truncated to malicious extensions (CVE-2022-46874) * Mozilla: Use-after-free in WebGL (CVE-2022-46882) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 firefox-102.6.0-1.el7_9.x86_64.rpm firefox-debuginfo-102.6.0-1.el7_9.x86_64.rpm firefox-102.6.0-1.el7_9.i686.rpm firefox-debuginfo-102.6.0-1.el7_9.i686.rpm - Scientific Linux Development Team