
Mageia: 2023-0266 Moderate: Memory Issues in Firefox and Thunderbird

Mageia, September 24, 2023
Recent updates to Firefox and Thunderbird tackle significant security vulnerabilities related to memory corruption and file misrepresentation.

Summary

- Use-after-free in workers. (CVE-2023-3600)
- File Extension Spoofing using the Text Direction Override Character. (CVE-2023-3417)
- Offscreen Canvas could have bypassed cross-origin restrictions. (CVE-2023-4045)
- Incorrect value used during WASM compilation. (CVE-2023-4046)
- Potential permissions request bypass via clickjacking. (CVE-2023-4047)
- Crash in DOMParser due to out-of-memory conditions. (CVE-2023-4048)
- Fix potential race conditions when releasing platform objects. (CVE-2023-4049)
- Stack buffer overflow in StorageManager. (CVE-2023-4050)
- Cookie jar overflow caused unexpected cookie jar state. (CVE-2023-4055)
- Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. (CVE-2023-4056)
- Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. (CVE-2023-4057)
- Memory corruption in IPC CanvasTranslator. (CVE-2023-4573)
- Memory corruption in IPC ColorPickerShownCallback. (CVE-2023-4574)
- Memory corruptio...


References

- https://bugs.mageia.org/show_bug.cgi?id=32258

- https://www.firefox.com/en-US/firefox/115.0.1/releasenotes/?redirect_source=mozilla-org

- https://www.firefox.com/en-US/firefox/115.0.2/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/

- https://www.firefox.com/en-US/firefox/115.0.3/releasenotes/?redirect_source=mozilla-org

- https://www.firefox.com/en-US/firefox/115.1.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/

- https://www.firefox.com/en-US/firefox/115.2.0/releasenotes/?redirect_source=mozilla-org

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/

- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html

- https://firefox-source-docs.mozilla.org/security/nss/releases/index.html

- https://www.thunderbird.net/en-US/thunderbird/115.0/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/115.0.1/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/

- https://www.thunderbird.net/en-US/thunderbird/115.1.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/

- https://www.thunderbird.net/en-US/thunderbird/115.1.1/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/115.2.0/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/

- https://www.firefox.com/en-US/firefox/115.2.1/releasenotes/?redirect_source=mozilla-org

- https://www.thunderbird.net/en-US/thunderbird/115.2.1/releasenotes/

- https://www.thunderbird.net/en-US/thunderbird/115.2.2/releasenotes/

- https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/

- https://www.cve.org/CVERecord?id=CVE-2023-3600

- https://www.cve.org/CVERecord?id=CVE-2023-4045

- https://www.cve.org/CVERecord?id=CVE-2023-4046

- https://www.cve.org/CVERecord?id=CVE-2023-4047

- https://www.cve.org/CVERecord?id=CVE-2023-4048

- https://www.cve.org/CVERecord?id=CVE-2023-4049

- https://www.cve.org/CVERecord?id=CVE-2023-4050

- https://www.cve.org/CVERecord?id=CVE-2023-4051

- https://www.cve.org/CVERecord?id=CVE-2023-4053

- https://www.cve.org/CVERecord?id=CVE-2023-4055

- https://www.cve.org/CVERecord?id=CVE-2023-4056

- https://www.cve.org/CVERecord?id=CVE-2023-4057

- https://www.cve.org/CVERecord?id=CVE-2023-4573

- https://www.cve.org/CVERecord?id=CVE-2023-4574

- https://www.cve.org/CVERecord?id=CVE-2023-4575

- https://www.cve.org/CVERecord?id=CVE-2023-4576

- https://www.cve.org/CVERecord?id=CVE-2023-4577

- https://www.cve.org/CVERecord?id=CVE-2023-4578

- https://www.cve.org/CVERecord?id=CVE-2023-4580

- https://www.cve.org/CVERecord?id=CVE-2023-4581

- https://www.cve.org/CVERecord?id=CVE-2023-4583

- https://www.cve.org/CVERecord?id=CVE-2023-4584

- https://www.cve.org/CVERecord?id=CVE-2023-4585

- https://www.cve.org/CVERecord?id=CVE-2023-4863

Resolution

SRPMS

- 9/core/rootcerts-20230720.00-1.mga9

- 9/core/nss-3.93.0-1.mga9

- 9/core/firefox-115.2.1-1.mga9

- 9/core/firefox-l10n-115.2.1-1.mga9

- 9/core/thunderbird-115.2.2-1.mga9

- 9/core/thunderbird-l10n-115.2.2-1.mga9

- 8/core/rootcerts-20230720.00-1.mga8

- 8/core/nss-3.93.0-1.mga8

- 8/core/firefox-102.15.1-1.mga8

- 8/core/firefox-l10n-102.15.1-1.mga8

- 8/core/thunderbird-102.15.1-1.mga8

- 8/core/thunderbird-l10n-102.15.1-1.mga8

Publication date: 24 Sep 2023
URL: https://advisories.mageia.org/MGASA-2023-0266.html
Type: security
CVE: CVE-2023-3600, CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057, CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4576, CVE-2023-4577, CVE-2023-4578, CVE-2023-4580, CVE-2023-4581, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585, CVE-2023-4863
