1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-202305-06

[GLSA-202305-06] Mozilla Firefox: Multiple Vulnerabilities

Severity High
Affected Packages 4
Unaffected Packages 4
CVEs 21
Info Packages References Vulnerabilities

Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.

Background
Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Description
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Impact
Please review the referenced CVE identifiers for details.

Workaround
There is no known workaround at this time.

Resolution
All Mozilla Firefox ESR binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-102.7.0:esr"

All Mozilla Firefox ESR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-102.7.0:esr"

All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-109.0:rapid"

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-109.0:rapid"

Package Affected Version
pkg:ebuild/www-client/firefox?distro=gentoo < 102.7.0
pkg:ebuild/www-client/firefox?distro=gentoo < 109.0
pkg:ebuild/www-client/firefox-bin?distro=gentoo < 102.7.0
pkg:ebuild/www-client/firefox-bin?distro=gentoo < 109.0
Package Unaffected Version
pkg:ebuild/www-client/firefox?distro=gentoo >= 102.7.0
pkg:ebuild/www-client/firefox?distro=gentoo >= 109.0
pkg:ebuild/www-client/firefox-bin?distro=gentoo >= 102.7.0
pkg:ebuild/www-client/firefox-bin?distro=gentoo >= 109.0
ID
GLSA-202305-06
Severity
high
URL
https://security.gentoo.org/glsa/202305-06
Published
2023-05-03T00:00:00
(16 months ago)
Modified
2023-05-03T00:00:00
(16 months ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2022-46871 CVE-2022-46871 https://nvd.nist.gov/vuln/detail/CVE-2022-46871
CVE CVE-2022-46872 CVE-2022-46872 https://nvd.nist.gov/vuln/detail/CVE-2022-46872
CVE CVE-2022-46873 CVE-2022-46873 https://nvd.nist.gov/vuln/detail/CVE-2022-46873
CVE CVE-2022-46874 CVE-2022-46874 https://nvd.nist.gov/vuln/detail/CVE-2022-46874
CVE CVE-2022-46875 CVE-2022-46875 https://nvd.nist.gov/vuln/detail/CVE-2022-46875
CVE CVE-2022-46877 CVE-2022-46877 https://nvd.nist.gov/vuln/detail/CVE-2022-46877
CVE CVE-2022-46878 CVE-2022-46878 https://nvd.nist.gov/vuln/detail/CVE-2022-46878
CVE CVE-2022-46879 CVE-2022-46879 https://nvd.nist.gov/vuln/detail/CVE-2022-46879
CVE CVE-2022-46880 CVE-2022-46880 https://nvd.nist.gov/vuln/detail/CVE-2022-46880
CVE CVE-2022-46881 CVE-2022-46881 https://nvd.nist.gov/vuln/detail/CVE-2022-46881
CVE CVE-2022-46882 CVE-2022-46882 https://nvd.nist.gov/vuln/detail/CVE-2022-46882
CVE CVE-2023-23597 CVE-2023-23597 https://nvd.nist.gov/vuln/detail/CVE-2023-23597
CVE CVE-2023-23598 CVE-2023-23598 https://nvd.nist.gov/vuln/detail/CVE-2023-23598
CVE CVE-2023-23599 CVE-2023-23599 https://nvd.nist.gov/vuln/detail/CVE-2023-23599
CVE CVE-2023-23600 CVE-2023-23600 https://nvd.nist.gov/vuln/detail/CVE-2023-23600
CVE CVE-2023-23601 CVE-2023-23601 https://nvd.nist.gov/vuln/detail/CVE-2023-23601
CVE CVE-2023-23602 CVE-2023-23602 https://nvd.nist.gov/vuln/detail/CVE-2023-23602
CVE CVE-2023-23603 CVE-2023-23603 https://nvd.nist.gov/vuln/detail/CVE-2023-23603
CVE CVE-2023-23604 CVE-2023-23604 https://nvd.nist.gov/vuln/detail/CVE-2023-23604
CVE CVE-2023-23605 CVE-2023-23605 https://nvd.nist.gov/vuln/detail/CVE-2023-23605
CVE CVE-2023-23606 CVE-2023-23606 https://nvd.nist.gov/vuln/detail/CVE-2023-23606
Bugzilla 885813 Bugzilla #885813 https://bugs.gentoo.org/show_bug.cgi?id=885813
Bugzilla 891213 Bugzilla #891213 https://bugs.gentoo.org/show_bug.cgi?id=891213
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/www-client/firefox?distro=gentoo www-client firefox < 102.7.0 gentoo
Affected pkg:ebuild/www-client/firefox?distro=gentoo www-client firefox < 109.0 gentoo
Unaffected pkg:ebuild/www-client/firefox?distro=gentoo www-client firefox >= 102.7.0 gentoo
Unaffected pkg:ebuild/www-client/firefox?distro=gentoo www-client firefox >= 109.0 gentoo
Affected pkg:ebuild/www-client/firefox-bin?distro=gentoo www-client firefox-bin < 102.7.0 gentoo
Affected pkg:ebuild/www-client/firefox-bin?distro=gentoo www-client firefox-bin < 109.0 gentoo
Unaffected pkg:ebuild/www-client/firefox-bin?distro=gentoo www-client firefox-bin >= 102.7.0 gentoo
Unaffected pkg:ebuild/www-client/firefox-bin?distro=gentoo www-client firefox-bin >= 109.0 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date