Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

SUSE: 2023:4929-1 Important: MozillaFirefox Heap Overflow Risk

suse
Calendar Grey December 20, 2023
Dist Suse Esm H88
Critical security patch for SUSE addresses multiple vulnerabilities in MozillaFirefox, ensuring enhanced safety.
* bsc#1217230 * bsc#1217974 Cross-References: * CVE-2023-6204

Summary

## This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974) * CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782). * CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023). * CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791). * CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144). * CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669). * CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118). * CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042). *

References

* bsc#1217230

* bsc#1217974

Cross-

* CVE-2023-6204

* CVE-2023-6205

* CVE-2023-6206

* CVE-2023-6207

* CVE-2023-6208

* CVE-2023-6209

* CVE-2023-6212

* CVE-2023-6856

* CVE-2023-6857

* CVE-2023-6858

* CVE-2023-6859

* CVE-2023-6860

* CVE-2023-6861

* CVE-2023-6862

* CVE-2023-6863

* CVE-2023-6864

* CVE-2023-6865

* CVE-2023-6867

CVSS scores:

* CVE-2023-6204 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2023-6205 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2023-6206 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

* CVE-2023-6207 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-6208 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2023-6209 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4929-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.