[RHSA-2023:1337] firefox security update

Severity Important

Affected Packages 8

CVEs 5

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751)
Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176)
Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752)
Mozilla: Invalid downcast in Worklets (CVE-2023-28162)
Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-9.1	< 102.9.0-3.el9_1
pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-9.1	< 102.9.0-3.el9_1
pkg:rpm/redhat/firefox?arch=ppc64le&distro=redhat-9.1	< 102.9.0-3.el9_1
pkg:rpm/redhat/firefox?arch=aarch64&distro=redhat-9.1	< 102.9.0-3.el9_1
pkg:rpm/redhat/firefox-x11?arch=x86_64&distro=redhat-9.1	< 102.9.0-3.el9_1
pkg:rpm/redhat/firefox-x11?arch=s390x&distro=redhat-9.1	< 102.9.0-3.el9_1
pkg:rpm/redhat/firefox-x11?arch=ppc64le&distro=redhat-9.1	< 102.9.0-3.el9_1
pkg:rpm/redhat/firefox-x11?arch=aarch64&distro=redhat-9.1	< 102.9.0-3.el9_1

ID

RHSA-2023:1337

Severity

important

URL

https://access.redhat.com/errata/RHSA-2023:1337

Published

2023-03-20T00:00:00
(18 months ago)

Modified

2023-03-20T00:00:00
(18 months ago)

Rights

Other Advisories

Source	# ID	URL
Bugzilla	2178458	https://bugzilla.redhat.com/2178458
Bugzilla	2178460	https://bugzilla.redhat.com/2178460
Bugzilla	2178466	https://bugzilla.redhat.com/2178466
Bugzilla	2178470	https://bugzilla.redhat.com/2178470
Bugzilla	2178472	https://bugzilla.redhat.com/2178472
RHSA	RHSA-2023:1337	https://access.redhat.com/errata/RHSA-2023:1337
CVE	CVE-2023-25751	https://access.redhat.com/security/cve/CVE-2023-25751
CVE	CVE-2023-25752	https://access.redhat.com/security/cve/CVE-2023-25752
CVE	CVE-2023-28162	https://access.redhat.com/security/cve/CVE-2023-28162
CVE	CVE-2023-28164	https://access.redhat.com/security/cve/CVE-2023-28164
CVE	CVE-2023-28176	https://access.redhat.com/security/cve/CVE-2023-28176

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-9.1	redhat	firefox	< 102.9.0-3.el9_1	redhat-9.1	x86_64
Affected	pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-9.1	redhat	firefox	< 102.9.0-3.el9_1	redhat-9.1	s390x
Affected	pkg:rpm/redhat/firefox?arch=ppc64le&distro=redhat-9.1	redhat	firefox	< 102.9.0-3.el9_1	redhat-9.1	ppc64le
Affected	pkg:rpm/redhat/firefox?arch=aarch64&distro=redhat-9.1	redhat	firefox	< 102.9.0-3.el9_1	redhat-9.1	aarch64
Affected	pkg:rpm/redhat/firefox-x11?arch=x86_64&distro=redhat-9.1	redhat	firefox-x11	< 102.9.0-3.el9_1	redhat-9.1	x86_64
Affected	pkg:rpm/redhat/firefox-x11?arch=s390x&distro=redhat-9.1	redhat	firefox-x11	< 102.9.0-3.el9_1	redhat-9.1	s390x
Affected	pkg:rpm/redhat/firefox-x11?arch=ppc64le&distro=redhat-9.1	redhat	firefox-x11	< 102.9.0-3.el9_1	redhat-9.1	ppc64le
Affected	pkg:rpm/redhat/firefox-x11?arch=aarch64&distro=redhat-9.1	redhat	firefox-x11	< 102.9.0-3.el9_1	redhat-9.1	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date