[ALSA-2023:1787] firefox security update

Severity Important

Affected Packages 2

CVEs 8

firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.10.0 ESR.

Security Fix(es):

MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)
Mozilla: Fullscreen notification obscured (CVE-2023-29533)
Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)
Mozilla: Invalid free from JavaScript code (CVE-2023-29536)
Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)
Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)
Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)
Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)
Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-8.7	< 102.10.0-1.el8_7.alma
pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-8.7	< 102.10.0-1.el8_7.alma

ID

ALSA-2023:1787

Severity

important

URL

https://errata.almalinux.org/ALSA-2023:1787.html

Published

2023-04-14T00:00:00
(17 months ago)

Modified

2023-04-20T13:11:54
(17 months ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2023:1787	https://access.redhat.com/errata/RHSA-2023:1787
CVE	CVE-2023-1945	https://access.redhat.com/security/cve/CVE-2023-1945
CVE	CVE-2023-29533	https://access.redhat.com/security/cve/CVE-2023-29533
CVE	CVE-2023-29535	https://access.redhat.com/security/cve/CVE-2023-29535
CVE	CVE-2023-29536	https://access.redhat.com/security/cve/CVE-2023-29536
CVE	CVE-2023-29539	https://access.redhat.com/security/cve/CVE-2023-29539
CVE	CVE-2023-29541	https://access.redhat.com/security/cve/CVE-2023-29541
CVE	CVE-2023-29548	https://access.redhat.com/security/cve/CVE-2023-29548
CVE	CVE-2023-29550	https://access.redhat.com/security/cve/CVE-2023-29550
Bugzilla	2186101	https://bugzilla.redhat.com/2186101
Bugzilla	2186103	https://bugzilla.redhat.com/2186103
Bugzilla	2186104	https://bugzilla.redhat.com/2186104
Bugzilla	2186105	https://bugzilla.redhat.com/2186105
Bugzilla	2186106	https://bugzilla.redhat.com/2186106
Bugzilla	2186109	https://bugzilla.redhat.com/2186109
Bugzilla	2186110	https://bugzilla.redhat.com/2186110
Bugzilla	2186111	https://bugzilla.redhat.com/2186111
Self	ALSA-2023:1787	https://errata.almalinux.org/8/ALSA-2023-1787.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-8.7	almalinux	firefox	< 102.10.0-1.el8_7.alma	almalinux-8.7	x86_64
Affected	pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-8.7	almalinux	firefox	< 102.10.0-1.el8_7.alma	almalinux-8.7	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date