[ALSA-2023:6188] firefox security update

Severity Important

Affected Packages 4

CVEs 7

firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.4.0 ESR.

Security Fix(es):

Mozilla: Queued up rendering could have allowed websites to clickjack (CVE-2023-5721)
Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4 (CVE-2023-5730)
libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)
Mozilla: Large WebGL draw could have led to a crash (CVE-2023-5724)
Mozilla: WebExtensions could open arbitrary URLs (CVE-2023-5725)
Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728)
Mozilla: Address bar spoofing via bidirectional characters (CVE-2023-5732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-9.2	< 115.4.0-1.el9_2.alma.1
pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-9.2	< 115.4.0-1.el9_2.alma.1
pkg:rpm/almalinux/firefox-x11?arch=x86_64&distro=almalinux-9.2	< 115.4.0-1.el9_2.alma.1
pkg:rpm/almalinux/firefox-x11?arch=aarch64&distro=almalinux-9.2	< 115.4.0-1.el9_2.alma.1

ID

ALSA-2023:6188

Severity

important

URL

https://errata.almalinux.org/ALSA-2023:6188.html

Published

2023-10-30T00:00:00
(10 months ago)

Modified

2023-11-03T09:22:48
(10 months ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2023:6188	https://access.redhat.com/errata/RHSA-2023:6188
CVE	CVE-2023-44488	https://access.redhat.com/security/cve/CVE-2023-44488
CVE	CVE-2023-5721	https://access.redhat.com/security/cve/CVE-2023-5721
CVE	CVE-2023-5724	https://access.redhat.com/security/cve/CVE-2023-5724
CVE	CVE-2023-5725	https://access.redhat.com/security/cve/CVE-2023-5725
CVE	CVE-2023-5728	https://access.redhat.com/security/cve/CVE-2023-5728
CVE	CVE-2023-5730	https://access.redhat.com/security/cve/CVE-2023-5730
CVE	CVE-2023-5732	https://access.redhat.com/security/cve/CVE-2023-5732
Bugzilla	2241806	https://bugzilla.redhat.com/2241806
Bugzilla	2245896	https://bugzilla.redhat.com/2245896
Bugzilla	2245898	https://bugzilla.redhat.com/2245898
Bugzilla	2245899	https://bugzilla.redhat.com/2245899
Bugzilla	2245900	https://bugzilla.redhat.com/2245900
Bugzilla	2245903	https://bugzilla.redhat.com/2245903
Bugzilla	2245906	https://bugzilla.redhat.com/2245906
Self	ALSA-2023:6188	https://errata.almalinux.org/9/ALSA-2023-6188.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-9.2	almalinux	firefox	< 115.4.0-1.el9_2.alma.1	almalinux-9.2	x86_64
Affected	pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-9.2	almalinux	firefox	< 115.4.0-1.el9_2.alma.1	almalinux-9.2	aarch64
Affected	pkg:rpm/almalinux/firefox-x11?arch=x86_64&distro=almalinux-9.2	almalinux	firefox-x11	< 115.4.0-1.el9_2.alma.1	almalinux-9.2	x86_64
Affected	pkg:rpm/almalinux/firefox-x11?arch=aarch64&distro=almalinux-9.2	almalinux	firefox-x11	< 115.4.0-1.el9_2.alma.1	almalinux-9.2	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date