Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 544
Alerts This Week
Warning Icon 1 544

openSUSE: 2023:4928-1 Critical Advisory on MozillaFirefox Heap Overflow

opensuse
Calendar Grey December 20, 2023
Scroller Opensuse Esm H88
Google Chrome has released a critical security patch to fix multiple weaknesses. Safeguard your browsing experience by updating immediately.
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974)

Description

This update for MozillaFirefox fixes the following issues:

* Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974).

* CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced

method with Mesa VM driver (bmo#1843782).

* CVE-2023-6857: Symlinks may resolve to smaller than expected buffers

(bmo#1796023).

* CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).

* CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).

* CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture

validation (bmo#1854669).

* CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in

headless mode (bmo#1864118).

* CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).

* CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).

* CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,

and Thunderbird 115.6.

* CVE-2023-6865: Potential...

Read the Full Advisory

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4

zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2023-4928=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4928=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4928=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2023-4928=1

* SUSE Enterprise Storage 7.1

zypper in -t patch SUSE-Storage-7.1-2023-4928=1

* openSUSE Leap 15.4

zypper in -t patch openSUSE-SLE-15.4-2023-4928=1

* openSUSE Leap 15.5

zypper in -t patch openSUSE-SLE-15.5-2023-4928=1

* Desktop Applications Module 15-SP4

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-4928=1

*...

Read the Full Advisory

Package List

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (aarch64 ppc64le s390x

x86_64)

* MozillaFirefox-translations-common-115.6.0-150200.152.120.1

* MozillaFirefox-debugsource-115.6.0-150200.152.120.1

* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1

* MozillaFirefox-115.6.0-150200.152.120.1

* MozillaFirefox-translations-other-115.6.0-150200.152.120.1

* SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (noarch)

* MozillaFirefox-devel-115.6.0-150200.152.120.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)

* MozillaFirefox-translations-common-115.6.0-150200.152.120.1

* MozillaFirefox-debugsource-115.6.0-150200.152.120.1

* MozillaFirefox-debuginfo-115.6.0-150200.152.120.1

* MozillaFirefox-115.6.0-150200.152.120.1

* MozillaFirefox-translations-other-115.6.0-150200.152.120.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)

* MozillaFirefox-devel-115.6.0-150200.152.120.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)

*...

Read the Full Advisory

References

* bsc#1217230

* bsc#1217974

## References:

* https://www.suse.com/security/cve/CVE-2023-6204.html

* https://www.suse.com/security/cve/CVE-2023-6205.html

* https://www.suse.com/security/cve/CVE-2023-6206.html

* https://www.suse.com/security/cve/CVE-2023-6207.html

* https://www.suse.com/security/cve/CVE-2023-6208.html

* https://www.suse.com/security/cve/CVE-2023-6209.html

* https://www.suse.com/security/cve/CVE-2023-6212.html

* https://www.suse.com/security/cve/CVE-2023-6856.html

* https://www.suse.com/security/cve/CVE-2023-6857.html

* https://www.suse.com/security/cve/CVE-2023-6858.html

* https://www.suse.com/security/cve/CVE-2023-6859.html

* https://www.suse.com/security/cve/CVE-2023-6860.html

* https://www.suse.com/security/cve/CVE-2023-6861.html

* https://www.suse.com/security/cve/CVE-2023-6862.html

* https://www.suse.com/security/cve/CVE-2023-6863.html

* https://www.suse.com/security/cve/CVE-2023-6864.html

* https://www.suse.com/security/cve/CVE-2023-6865.html

*...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4928-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.