[ALSA-2023:4468] firefox security update

Severity Important

Affected Packages 2

CVEs 9

firefox security update

TODO: add package description

This update upgrades Firefox to version 102.14.0 ESR.

Security Fix(es):

Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045)
Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)
Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047)
Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048)
Mozilla: Fix potential race conditions when releasing platform objects (CVE-2023-4049)
Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)
Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056)
Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 (CVE-2023-4057)
Mozilla: Cookie jar overflow caused unexpected cookie jar state (CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-8.8	< 102.14.0-1.el8_8.alma
pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-8.8	< 102.14.0-1.el8_8.alma

ID

ALSA-2023:4468

Severity

important

URL

https://errata.almalinux.org/ALSA-2023:4468.html

Published

2023-08-03T00:00:00
(13 months ago)

Modified

2023-08-04T19:54:12
(13 months ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2023:4468	https://access.redhat.com/errata/RHSA-2023:4468
CVE	CVE-2023-4045	https://access.redhat.com/security/cve/CVE-2023-4045
CVE	CVE-2023-4046	https://access.redhat.com/security/cve/CVE-2023-4046
CVE	CVE-2023-4047	https://access.redhat.com/security/cve/CVE-2023-4047
CVE	CVE-2023-4048	https://access.redhat.com/security/cve/CVE-2023-4048
CVE	CVE-2023-4049	https://access.redhat.com/security/cve/CVE-2023-4049
CVE	CVE-2023-4050	https://access.redhat.com/security/cve/CVE-2023-4050
CVE	CVE-2023-4055	https://access.redhat.com/security/cve/CVE-2023-4055
CVE	CVE-2023-4056	https://access.redhat.com/security/cve/CVE-2023-4056
CVE	CVE-2023-4057	https://access.redhat.com/security/cve/CVE-2023-4057
Bugzilla	2228360	https://bugzilla.redhat.com/2228360
Bugzilla	2228361	https://bugzilla.redhat.com/2228361
Bugzilla	2228362	https://bugzilla.redhat.com/2228362
Bugzilla	2228363	https://bugzilla.redhat.com/2228363
Bugzilla	2228364	https://bugzilla.redhat.com/2228364
Bugzilla	2228365	https://bugzilla.redhat.com/2228365
Bugzilla	2228367	https://bugzilla.redhat.com/2228367
Bugzilla	2228370	https://bugzilla.redhat.com/2228370
Bugzilla	2228371	https://bugzilla.redhat.com/2228371
Self	ALSA-2023:4468	https://errata.almalinux.org/8/ALSA-2023-4468.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-8.8	almalinux	firefox	< 102.14.0-1.el8_8.alma	almalinux-8.8	x86_64
Affected	pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-8.8	almalinux	firefox	< 102.14.0-1.el8_8.alma	almalinux-8.8	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date