[SUSE-SU-2023:4912-1] Security update for MozillaFirefox
Severity: Important
Affected Packages: 9
CVEs: 18
This update for MozillaFirefox fixes the following issues:
Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974)
- CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).
- CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).
- CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
- CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
- CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).
- CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118).
- CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
- CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
- CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
- CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123).
- CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863).
Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230)
- CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer
- CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled
- CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition
- CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer
- CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection.
- CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with '///'
- CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
Package | Affected Version |
---|---|
pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
pkg:rpm/suse/MozillaFirefox?arch=ppc64le&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
pkg:rpm/suse/MozillaFirefox?arch=aarch64&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
pkg:rpm/suse/MozillaFirefox-translations-common?arch=x86_64&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
pkg:rpm/suse/MozillaFirefox-translations-common?arch=s390x&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
pkg:rpm/suse/MozillaFirefox-translations-common?arch=ppc64le&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
pkg:rpm/suse/MozillaFirefox-translations-common?arch=aarch64&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
pkg:rpm/suse/MozillaFirefox-devel?arch=noarch&distro=sles-12&sp=5 | < 115.6.0-112.194.1 |
- ID: SUSE-SU-2023:4912-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2023/suse-su-20234912-1/
- Published: 2023-12-19T15:48:50
- Modified: 2023-12-19T15:48:50
- Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories:
- ALAS2-2024-2377
- ALAS2-2024-2379
- ALPINE:CVE-2023-6204
- ALPINE:CVE-2023-6205
- ALPINE:CVE-2023-6206
- ALPINE:CVE-2023-6207
- ALPINE:CVE-2023-6208
- ALPINE:CVE-2023-6209
- ALPINE:CVE-2023-6212
- ALPINE:CVE-2023-6856
- ALPINE:CVE-2023-6857
- ALPINE:CVE-2023-6858
- ALPINE:CVE-2023-6859
- ALPINE:CVE-2023-6860
- ALPINE:CVE-2023-6861
- ALPINE:CVE-2023-6862
- ALPINE:CVE-2023-6863
- ALPINE:CVE-2023-6864
- ALPINE:CVE-2023-6865
- ALPINE:CVE-2023-6867
- ALSA-2023:7500
- ALSA-2023:7501
- ALSA-2023:7507
- ALSA-2023:7508
- ALSA-2024:0001
- ALSA-2024:0003
- ALSA-2024:0012
- ALSA-2024:0025
- DSA-5561-1
- DSA-5566-1
- DSA-5581-1
- DSA-5582-1
- ELSA-2023-7500
- ELSA-2023-7501
- ELSA-2023-7505
- ELSA-2023-7507
- ELSA-2023-7508
- ELSA-2023-7509
- ELSA-2024-0001
- ELSA-2024-0003
- ELSA-2024-0012
- ELSA-2024-0025
- ELSA-2024-0026
- ELSA-2024-0027
- GLSA-202401-10
- GLSA-202402-25
- MFSA-2023-49
- MFSA-2023-50
- MFSA-2023-52
- MFSA-2023-54
- MFSA-2023-55
- MFSA-2023-56
- RHSA-2023:7500
- RHSA-2023:7501
- RHSA-2023:7505
- RHSA-2023:7507
- RHSA-2023:7508
- RHSA-2023:7509
- RHSA-2024:0001
- RHSA-2024:0003
- RHSA-2024:0012
- RHSA-2024:0025
- RHSA-2024:0026
- RHSA-2024:0027
- RLSA-2023:7500
- RLSA-2024:0003
- RLSA-2024:0012
- SSA:2023-325-02
- SSA:2023-326-01
- SSA:2023-353-02
- SSA:2023-353-03
- SUSE-SU-2023:4588-1
- SUSE-SU-2023:4928-1
- SUSE-SU-2023:4929-1
- SUSE-SU-2024:0044-1
- USN-6509-1
- USN-6515-1
- USN-6562-1
- USN-6563-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/MozillaFirefox?arch=x86_64&distro=sles-12&sp=5 | suse | MozillaFirefox | < 115.6.0-112.194.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=s390x&distro=sles-12&sp=5 | suse | MozillaFirefox | < 115.6.0-112.194.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=ppc64le&distro=sles-12&sp=5 | suse | MozillaFirefox | < 115.6.0-112.194.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/MozillaFirefox?arch=aarch64&distro=sles-12&sp=5 | suse | MozillaFirefox | < 115.6.0-112.194.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations-common?arch=x86_64&distro=sles-12&sp=5 | suse | MozillaFirefox-translations-common | < 115.6.0-112.194.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/MozillaFirefox-translations-common?arch=s390x&distro=sles-12&sp=5 | suse | MozillaFirefox-translations-common | < 115.6.0-112.194.1 | sles-12 | s390x | |
Affected | pkg:rpm/suse/MozillaFirefox-translations-common?arch=ppc64le&distro=sles-12&sp=5 | suse | MozillaFirefox-translations-common | < 115.6.0-112.194.1 | sles-12 | ppc64le | |
Affected | pkg:rpm/suse/MozillaFirefox-translations-common?arch=aarch64&distro=sles-12&sp=5 | suse | MozillaFirefox-translations-common | < 115.6.0-112.194.1 | sles-12 | aarch64 | |
Affected | pkg:rpm/suse/MozillaFirefox-devel?arch=noarch&distro=sles-12&sp=5 | suse | MozillaFirefox-devel | < 115.6.0-112.194.1 | sles-12 | noarch | |