[SUSE-SU-2023:0728-1] Security update for MozillaFirefox

Severity: Important
Affected Packages: 16
CVEs: 13

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Update to version 102.9.0 ESR (bsc#1209173):

  • CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android
  • CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android
  • CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt
  • CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode
  • CVE-2023-25751: Incorrect code generation during JIT compilation
  • CVE-2023-28160: Redirect to Web Extension files may have leaked local path
  • CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation
  • CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab
  • CVE-2023-28162: Invalid downcast in Worklets
  • CVE-2023-25752: Potential out-of-bounds when accessing throttled streams
  • CVE-2023-28163: Windows Save As dialog resolved environment variables
  • CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9
  • CVE-2023-28177: Memory safety bugs fixed in Firefox 111

Package Affected Version
pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox?arch=ppc64le&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox?arch=aarch64&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-translations-other?arch=x86_64&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-translations-other?arch=s390x&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-translations-other?arch=ppc64le&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-translations-other?arch=aarch64&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-translations-common?arch=x86_64&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-translations-common?arch=s390x&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-translations-common?arch=ppc64le&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-translations-common?arch=aarch64&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-devel?arch=x86_64&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-devel?arch=s390x&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-devel?arch=ppc64le&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1
pkg:rpm/suse/MozillaFirefox-devel?arch=aarch64&distro=sles-15&sp=1 < 102.9.0-150000.150.79.1

Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0728-1.json
Suse URL for SUSE-SU-2023:0728-1 https://www.suse.com/support/update/announcement/2023/suse-su-20230728-1/
Suse E-Mail link for SUSE-SU-2023:0728-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/014031.html
Bugzilla SUSE Bug 1209173 https://bugzilla.suse.com/1209173
CVE SUSE CVE CVE-2023-25748 page https://www.suse.com/security/cve/CVE-2023-25748/
CVE SUSE CVE CVE-2023-25749 page https://www.suse.com/security/cve/CVE-2023-25749/
CVE SUSE CVE CVE-2023-25750 page https://www.suse.com/security/cve/CVE-2023-25750/
CVE SUSE CVE CVE-2023-25751 page https://www.suse.com/security/cve/CVE-2023-25751/
CVE SUSE CVE CVE-2023-25752 page https://www.suse.com/security/cve/CVE-2023-25752/
CVE SUSE CVE CVE-2023-28159 page https://www.suse.com/security/cve/CVE-2023-28159/
CVE SUSE CVE CVE-2023-28160 page https://www.suse.com/security/cve/CVE-2023-28160/
CVE SUSE CVE CVE-2023-28161 page https://www.suse.com/security/cve/CVE-2023-28161/
CVE SUSE CVE CVE-2023-28162 page https://www.suse.com/security/cve/CVE-2023-28162/
CVE SUSE CVE CVE-2023-28163 page https://www.suse.com/security/cve/CVE-2023-28163/
CVE SUSE CVE CVE-2023-28164 page https://www.suse.com/security/cve/CVE-2023-28164/
CVE SUSE CVE CVE-2023-28176 page https://www.suse.com/security/cve/CVE-2023-28176/
CVE SUSE CVE CVE-2023-28177 page https://www.suse.com/security/cve/CVE-2023-28177/

Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-15&sp=1 suse MozillaFirefox < 102.9.0-150000.150.79.1 sles-15 x86_64
Affected pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-15&sp=1 suse MozillaFirefox < 102.9.0-150000.150.79.1 sles-15 s390x
Affected pkg:rpm/suse/MozillaFirefox?arch=ppc64le&distro=sles-15&sp=1 suse MozillaFirefox < 102.9.0-150000.150.79.1 sles-15 ppc64le
Affected pkg:rpm/suse/MozillaFirefox?arch=aarch64&distro=sles-15&sp=1 suse MozillaFirefox < 102.9.0-150000.150.79.1 sles-15 aarch64
Affected pkg:rpm/suse/MozillaFirefox-translations-other?arch=x86_64&distro=sles-15&sp=1 suse MozillaFirefox-translations-other < 102.9.0-150000.150.79.1 sles-15 x86_64
Affected pkg:rpm/suse/MozillaFirefox-translations-other?arch=s390x&distro=sles-15&sp=1 suse MozillaFirefox-translations-other < 102.9.0-150000.150.79.1 sles-15 s390x
Affected pkg:rpm/suse/MozillaFirefox-translations-other?arch=ppc64le&distro=sles-15&sp=1 suse MozillaFirefox-translations-other < 102.9.0-150000.150.79.1 sles-15 ppc64le
Affected pkg:rpm/suse/MozillaFirefox-translations-other?arch=aarch64&distro=sles-15&sp=1 suse MozillaFirefox-translations-other < 102.9.0-150000.150.79.1 sles-15 aarch64
Affected pkg:rpm/suse/MozillaFirefox-translations-common?arch=x86_64&distro=sles-15&sp=1 suse MozillaFirefox-translations-common < 102.9.0-150000.150.79.1 sles-15 x86_64
Affected pkg:rpm/suse/MozillaFirefox-translations-common?arch=s390x&distro=sles-15&sp=1 suse MozillaFirefox-translations-common < 102.9.0-150000.150.79.1 sles-15 s390x
Affected pkg:rpm/suse/MozillaFirefox-translations-common?arch=ppc64le&distro=sles-15&sp=1 suse MozillaFirefox-translations-common < 102.9.0-150000.150.79.1 sles-15 ppc64le
Affected pkg:rpm/suse/MozillaFirefox-translations-common?arch=aarch64&distro=sles-15&sp=1 suse MozillaFirefox-translations-common < 102.9.0-150000.150.79.1 sles-15 aarch64
Affected pkg:rpm/suse/MozillaFirefox-devel?arch=x86_64&distro=sles-15&sp=1 suse MozillaFirefox-devel < 102.9.0-150000.150.79.1 sles-15 x86_64
Affected pkg:rpm/suse/MozillaFirefox-devel?arch=s390x&distro=sles-15&sp=1 suse MozillaFirefox-devel < 102.9.0-150000.150.79.1 sles-15 s390x
Affected pkg:rpm/suse/MozillaFirefox-devel?arch=ppc64le&distro=sles-15&sp=1 suse MozillaFirefox-devel < 102.9.0-150000.150.79.1 sles-15 ppc64le
Affected pkg:rpm/suse/MozillaFirefox-devel?arch=aarch64&distro=sles-15&sp=1 suse MozillaFirefox-devel < 102.9.0-150000.150.79.1 sles-15 aarch64