[SUSE-SU-2023:4912-1] Security update for MozillaFirefox

Severity Important
Affected Packages 9
CVEs 18

This update for MozillaFirefox fixes the following issues:

  • Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974)

    • CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).
    • CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).
    • CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
    • CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
    • CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).
    • CVE-2023-6861: Heap buffer overflow affecting nsWindow::PickerOpen(void) in headless mode (bmo#1864118).
    • CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
    • CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
    • CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
    • CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123).
    • CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863).
  • Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230)

    • CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer
    • CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled
    • CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition
    • CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer
    • CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection.
    • CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with '///'
    • CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5

ID: SUSE-SU-2023:4912-1
Severity: important
URL: https://www.suse.com/support/update/announcement/2023/suse-su-20234912-1/
Published: 2023-12-19T15:48:50
Modified: 2023-12-19T15:48:50
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories
Source Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4912-1.json
Suse URL for SUSE-SU-2023:4912-1 https://www.suse.com/support/update/announcement/2023/suse-su-20234912-1/
Suse E-Mail link for SUSE-SU-2023:4912-1 https://lists.suse.com/pipermail/sle-security-updates/2023-December/017449.html
Bugzilla SUSE Bug 1217230 https://bugzilla.suse.com/1217230
Bugzilla SUSE Bug 1217974 https://bugzilla.suse.com/1217974
CVE SUSE CVE CVE-2023-6204 page https://www.suse.com/security/cve/CVE-2023-6204/
CVE SUSE CVE CVE-2023-6205 page https://www.suse.com/security/cve/CVE-2023-6205/
CVE SUSE CVE CVE-2023-6206 page https://www.suse.com/security/cve/CVE-2023-6206/
CVE SUSE CVE CVE-2023-6207 page https://www.suse.com/security/cve/CVE-2023-6207/
CVE SUSE CVE CVE-2023-6208 page https://www.suse.com/security/cve/CVE-2023-6208/
CVE SUSE CVE CVE-2023-6209 page https://www.suse.com/security/cve/CVE-2023-6209/
CVE SUSE CVE CVE-2023-6212 page https://www.suse.com/security/cve/CVE-2023-6212/
CVE SUSE CVE CVE-2023-6856 page https://www.suse.com/security/cve/CVE-2023-6856/
CVE SUSE CVE CVE-2023-6857 page https://www.suse.com/security/cve/CVE-2023-6857/
CVE SUSE CVE CVE-2023-6858 page https://www.suse.com/security/cve/CVE-2023-6858/
CVE SUSE CVE CVE-2023-6859 page https://www.suse.com/security/cve/CVE-2023-6859/
CVE SUSE CVE CVE-2023-6860 page https://www.suse.com/security/cve/CVE-2023-6860/
CVE SUSE CVE CVE-2023-6861 page https://www.suse.com/security/cve/CVE-2023-6861/
CVE SUSE CVE CVE-2023-6862 page https://www.suse.com/security/cve/CVE-2023-6862/
CVE SUSE CVE CVE-2023-6863 page https://www.suse.com/security/cve/CVE-2023-6863/
CVE SUSE CVE CVE-2023-6864 page https://www.suse.com/security/cve/CVE-2023-6864/
CVE SUSE CVE CVE-2023-6865 page https://www.suse.com/security/cve/CVE-2023-6865/
CVE SUSE CVE CVE-2023-6867 page https://www.suse.com/security/cve/CVE-2023-6867/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-12&sp=5 suse MozillaFirefox < 115.6.0-112.194.1 sles-12 x86_64
Affected pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-12&sp=5 suse MozillaFirefox < 115.6.0-112.194.1 sles-12 s390x
Affected pkg:rpm/suse/MozillaFirefox?arch=ppc64le&distro=sles-12&sp=5 suse MozillaFirefox < 115.6.0-112.194.1 sles-12 ppc64le
Affected pkg:rpm/suse/MozillaFirefox?arch=aarch64&distro=sles-12&sp=5 suse MozillaFirefox < 115.6.0-112.194.1 sles-12 aarch64
Affected pkg:rpm/suse/MozillaFirefox-translations-common?arch=x86_64&distro=sles-12&sp=5 suse MozillaFirefox-translations-common < 115.6.0-112.194.1 sles-12 x86_64
Affected pkg:rpm/suse/MozillaFirefox-translations-common?arch=s390x&distro=sles-12&sp=5 suse MozillaFirefox-translations-common < 115.6.0-112.194.1 sles-12 s390x
Affected pkg:rpm/suse/MozillaFirefox-translations-common?arch=ppc64le&distro=sles-12&sp=5 suse MozillaFirefox-translations-common < 115.6.0-112.194.1 sles-12 ppc64le
Affected pkg:rpm/suse/MozillaFirefox-translations-common?arch=aarch64&distro=sles-12&sp=5 suse MozillaFirefox-translations-common < 115.6.0-112.194.1 sles-12 aarch64
Affected pkg:rpm/suse/MozillaFirefox-devel?arch=noarch&distro=sles-12&sp=5 suse MozillaFirefox-devel < 115.6.0-112.194.1 sles-12 noarch