Updated firefox/thunderbird packages fix security vulnerability
Publication date: 24 Sep 2023
Modification date: 24 Sep 2023
Type: security
Affected Mageia releases: 8, 9
CVE: CVE-2023-3600, CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4051, CVE-2023-4053, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057, CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4576, CVE-2023-4577, CVE-2023-4578, CVE-2023-4580, CVE-2023-4581, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585, CVE-2023-4863
Description
- Use-after-free in workers. (CVE-2023-3600)
- File Extension Spoofing using the Text Direction Override Character. (CVE-2023-3417)
- Offscreen Canvas could have bypassed cross-origin restrictions. (CVE-2023-4045)
- Incorrect value used during WASM compilation. (CVE-2023-4046)
- Potential permissions request bypass via clickjacking. (CVE-2023-4047)
- Crash in DOMParser due to out-of-memory conditions. (CVE-2023-4048)
- Fix potential race conditions when releasing platform objects. (CVE-2023-4049)
- Stack buffer overflow in StorageManager. (CVE-2023-4050)
- Cookie jar overflow caused unexpected cookie jar state. (CVE-2023-4055)
- Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14. (CVE-2023-4056)
- Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. (CVE-2023-4057)
- Memory corruption in IPC CanvasTranslator. (CVE-2023-4573)
- Memory corruption in IPC ColorPickerShownCallback. (CVE-2023-4574)
- Memory corruption in IPC FilePickerShownCallback. (CVE-2023-4575)
- Integer Overflow in RecordedSourceSurfaceCreation. (CVE-2023-4576)
- Memory corruption in JIT UpdateRegExpStatics. (CVE-2023-4577)
- Full screen notification obscured by file open dialog. (CVE-2023-4051)
- Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception. (CVE-2023-4578)
- Full screen notification obscured by external program. (CVE-2023-4053)
- Push notifications saved to disk unencrypted. (CVE-2023-4580)
- XLL file extensions were downloadable without warnings. (CVE-2023-4581)
- Browsing Context potentially not cleared when closing Private Window. (CVE-2023-4583)
- Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2. (CVE-2023-4584)
- Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. (CVE-2023-4585)
- Heap buffer overflow in libwebp. (CVE-2023-4863)
References
- https://bugs.mageia.org/show_bug.cgi?id=32258
- https://www.mozilla.org/en-US/firefox/115.0.1/releasenotes/
- https://www.mozilla.org/en-US/firefox/115.0.2/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/
- https://www.mozilla.org/en-US/firefox/115.0.3/releasenotes/
- https://www.mozilla.org/en-US/firefox/115.1.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/
- https://www.mozilla.org/en-US/firefox/115.2.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/
- https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html
- https://firefox-source-docs.mozilla.org/security/nss/releases/index.html
- https://www.thunderbird.net/en-US/thunderbird/115.0/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/115.0.1/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/
- https://www.thunderbird.net/en-US/thunderbird/115.1.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/
- https://www.thunderbird.net/en-US/thunderbird/115.1.1/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/115.2.0/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/
- https://www.mozilla.org/en-US/firefox/115.2.1/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/115.2.1/releasenotes/
- https://www.thunderbird.net/en-US/thunderbird/115.2.2/releasenotes/
- https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3600
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4045
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4046
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4047
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4048
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4049
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4050
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4051
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4053
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4055
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4056
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4057
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4573
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4574
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4575
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4576
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4577
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4578
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4580
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4581
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4583
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4584
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4585
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4863
SRPMS
9/core
- rootcerts-20230720.00-1.mga9
- nss-3.93.0-1.mga9
- firefox-115.2.1-1.mga9
- firefox-l10n-115.2.1-1.mga9
- thunderbird-115.2.2-1.mga9
- thunderbird-l10n-115.2.2-1.mga9
8/core
- rootcerts-20230720.00-1.mga8
- nss-3.93.0-1.mga8
- firefox-102.15.1-1.mga8
- firefox-l10n-102.15.1-1.mga8
- thunderbird-102.15.1-1.mga8
- thunderbird-l10n-102.15.1-1.mga8