[RHSA-2023:4952] firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.15.0 ESR.
Security Fix(es):
Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)
Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)
Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)
Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)
Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)
Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585)
Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)
Mozilla: Full screen notification obscured by external program (CVE-2023-4053)
Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578)
Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)
Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)
Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-8.8 | < 102.15.0-1.el8_8 |
pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-8.8 | < 102.15.0-1.el8_8 |
pkg:rpm/redhat/firefox?arch=ppc64le&distro=redhat-8.8 | < 102.15.0-1.el8_8 |
pkg:rpm/redhat/firefox?arch=aarch64&distro=redhat-8.8 | < 102.15.0-1.el8_8 |
- ID
- RHSA-2023:4952
- Severity
- important
- URL
- https://access.redhat.com/errata/RHSA-2023:4952
- Published
-
2023-09-04T00:00:00
(12 months ago) - Modified
-
2023-09-04T00:00:00
(12 months ago) - Rights
- Copyright 2023 Red Hat, Inc.
- Other Advisories
-
- ALAS2-2023-2248
- ALPINE:CVE-2023-4051
- ALPINE:CVE-2023-4053
- ALPINE:CVE-2023-4573
- ALPINE:CVE-2023-4574
- ALPINE:CVE-2023-4575
- ALPINE:CVE-2023-4577
- ALPINE:CVE-2023-4578
- ALPINE:CVE-2023-4580
- ALPINE:CVE-2023-4581
- ALPINE:CVE-2023-4583
- ALPINE:CVE-2023-4584
- ALPINE:CVE-2023-4585
- ALSA-2023:4952
- ALSA-2023:4954
- ALSA-2023:4955
- ALSA-2023:4958
- DSA-5485-1
- DSA-5488-1
- ELSA-2023-4945
- ELSA-2023-4952
- ELSA-2023-4954
- ELSA-2023-4955
- ELSA-2023-4958
- ELSA-2023-5019
- GLSA-202402-25
- MFSA-2023-29
- MFSA-2023-34
- MFSA-2023-35
- MFSA-2023-36
- MFSA-2023-37
- MFSA-2023-38
- RHSA-2023:4945
- RHSA-2023:4954
- RHSA-2023:4955
- RHSA-2023:4958
- RHSA-2023:5019
- RLSA-2023:4952
- RLSA-2023:4954
- SSA:2023-242-01
- SUSE-SU-2023:3519-1
- SUSE-SU-2023:3559-1
- SUSE-SU-2023:3562-1
- SUSE-SU-2023:3664-1
- USN-6267-1
- USN-6320-1
- USN-6368-1
- USN-6405-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/firefox?arch=x86_64&distro=redhat-8.8 | redhat | firefox | < 102.15.0-1.el8_8 | redhat-8.8 | x86_64 | |
Affected | pkg:rpm/redhat/firefox?arch=s390x&distro=redhat-8.8 | redhat | firefox | < 102.15.0-1.el8_8 | redhat-8.8 | s390x | |
Affected | pkg:rpm/redhat/firefox?arch=ppc64le&distro=redhat-8.8 | redhat | firefox | < 102.15.0-1.el8_8 | redhat-8.8 | ppc64le | |
Affected | pkg:rpm/redhat/firefox?arch=aarch64&distro=redhat-8.8 | redhat | firefox | < 102.15.0-1.el8_8 | redhat-8.8 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |