[RLSA-2023:4468] firefox security update

Severity Important

Affected Packages 2

CVEs 9

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

TODO: add package description

This update upgrades Firefox to version 102.14.0 ESR.

Security Fix(es):

Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045)
Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)
Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047)
Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048)
Mozilla: Fix potential race conditions when releasing platform objects (CVE-2023-4049)
Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)
Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056)
Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 (CVE-2023-4057)
Mozilla: Cookie jar overflow caused unexpected cookie jar state (CVE-2023-4055)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/rockylinux/firefox?arch=x86_64&distro=rockylinux-8.8	< 102.14.0-1.el8_8
pkg:rpm/rockylinux/firefox?arch=aarch64&distro=rockylinux-8.8	< 102.14.0-1.el8_8

ID

RLSA-2023:4468

Severity

important

URL

https://errata.rockylinux.org/RLSA-2023:4468

Published

2023-08-08T12:34:07
(13 months ago)

Modified

2023-08-08T12:36:07
(13 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2023-4045	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
CVE	CVE-2023-4046	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
CVE	CVE-2023-4047	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
CVE	CVE-2023-4048	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
CVE	CVE-2023-4049	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
CVE	CVE-2023-4050	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
CVE	CVE-2023-4055	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
CVE	CVE-2023-4056	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
CVE	CVE-2023-4057	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4057
Bugzilla	2228360	https://bugzilla.redhat.com/show_bug.cgi?id=2228360
Bugzilla	2228361	https://bugzilla.redhat.com/show_bug.cgi?id=2228361
Bugzilla	2228362	https://bugzilla.redhat.com/show_bug.cgi?id=2228362
Bugzilla	2228363	https://bugzilla.redhat.com/show_bug.cgi?id=2228363
Bugzilla	2228364	https://bugzilla.redhat.com/show_bug.cgi?id=2228364
Bugzilla	2228365	https://bugzilla.redhat.com/show_bug.cgi?id=2228365
Bugzilla	2228367	https://bugzilla.redhat.com/show_bug.cgi?id=2228367
Bugzilla	2228370	https://bugzilla.redhat.com/show_bug.cgi?id=2228370
Bugzilla	2228371	https://bugzilla.redhat.com/show_bug.cgi?id=2228371
Self	RLSA-2023:4468	https://errata.rockylinux.org/RLSA-2023:4468

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/rockylinux/firefox?arch=x86_64&distro=rockylinux-8.8	rockylinux	firefox	< 102.14.0-1.el8_8	rockylinux-8.8	x86_64
Affected	pkg:rpm/rockylinux/firefox?arch=aarch64&distro=rockylinux-8.8	rockylinux	firefox	< 102.14.0-1.el8_8	rockylinux-8.8	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date