Rocky Linux: RLSA-2023:4468 firefox security update
Summary
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
TODO: add package description This update upgrades Firefox to version 102.14.0 ESR. Security Fix(es): * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix potential race conditions when releasing platform objects (CVE-2023-4049) * Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050) * Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056) * Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 (CVE-2023-4057) * Mozilla: Cookie jar overflow caused unexpected cookie jar state (CVE-2023-4055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
firefox-0:102.14.0-1.el8_8.aarch64.rpm
firefox-0:102.14.0-1.el8_8.src.rpm
firefox-0:102.14.0-1.el8_8.x86_64.rpm
firefox-debuginfo-0:102.14.0-1.el8_8.aarch64.rpm
firefox-debuginfo-0:102.14.0-1.el8_8.x86_64.rpm
firefox-debugsource-0:102.14.0-1.el8_8.aarch64.rpm
firefox-debugsource-0:102.14.0-1.el8_8.x86_64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4057
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2228360
https://bugzilla.redhat.com/show_bug.cgi?id=2228361
https://bugzilla.redhat.com/show_bug.cgi?id=2228362
https://bugzilla.redhat.com/show_bug.cgi?id=2228363
https://bugzilla.redhat.com/show_bug.cgi?id=2228364
https://bugzilla.redhat.com/show_bug.cgi?id=2228365
https://bugzilla.redhat.com/show_bug.cgi?id=2228367
https://bugzilla.redhat.com/show_bug.cgi?id=2228370
https://bugzilla.redhat.com/show_bug.cgi?id=2228371