Advisories ยป MGASA-2023-0266

Updated firefox/thunderbird packages fix security vulnerability

Publication date: 24 Sep 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-3600 , CVE-2023-4045 , CVE-2023-4046 , CVE-2023-4047 , CVE-2023-4048 , CVE-2023-4049 , CVE-2023-4050 , CVE-2023-4051 , CVE-2023-4053 , CVE-2023-4055 , CVE-2023-4056 , CVE-2023-4057 , CVE-2023-4573 , CVE-2023-4574 , CVE-2023-4575 , CVE-2023-4576 , CVE-2023-4577 , CVE-2023-4578 , CVE-2023-4580 , CVE-2023-4581 , CVE-2023-4583 , CVE-2023-4584 , CVE-2023-4585 , CVE-2023-4863


Use-after-free in workers. (CVE-2023-3600)

File Extension Spoofing using the Text Direction Override Character.

Offscreen Canvas could have bypassed cross-origin restrictions.

Incorrect value used during WASM compilation. (CVE-2023-4046)

Potential permissions request bypass via clickjacking. (CVE-2023-4047)

Crash in DOMParser due to out-of-memory conditions. (CVE-2023-4048)

Fix potential race conditions when releasing platform objects.

Stack buffer overflow in StorageManager. (CVE-2023-4050)

Cookie jar overflow caused unexpected cookie jar state. (CVE-2023-4055)

Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR
102.14, Thunderbird 115.1, and Thunderbird 102.14. (CVE-2023-4056)

Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and
Thunderbird 115.1. (CVE-2023-4057)

Memory corruption in IPC CanvasTranslator. (CVE-2023-4573)

Memory corruption in IPC ColorPickerShownCallback. (CVE-2023-4574)

Memory corruption in IPC FilePickerShownCallback. (CVE-2023-4575)

Integer Overflow in RecordedSourceSurfaceCreation. (CVE-2023-4576)

Memory corruption in JIT UpdateRegExpStatics. (CVE-2023-4577)

Full screen notification obscured by file open dialog. (CVE-2023-4051)

Error reporting methods in SpiderMonkey could have triggered an Out of
Memory Exception. (CVE-2023-4578)

Full screen notification obscured by external program. (CVE-2023-4053)

Push notifications saved to disk unencrypted. (CVE-2023-4580)

XLL file extensions were downloadable without warnings. (CVE-2023-4581)

Browsing Context potentially not cleared when closing Private Window.

Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR
115.2, Thunderbird 102.15, and Thunderbird 115.2. (CVE-2023-4584)

Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and
Thunderbird 115.2. (CVE-2023-4585)

Heap buffer overflow in libwebp. (CVE-2023-4863)