Advisories ยป MGASA-2023-0342

Updated firefox packages fix security vulnerabilities

Publication date: 08 Dec 2023
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-6204 , CVE-2023-6205 , CVE-2023-6206 , CVE-2023-6207 , CVE-2023-6208 , CVE-2023-6209 , CVE-2023-6212


The updated packages fix security vulnerabilities.

Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204)

Use-after-free in MessagePort::Entangled. (CVE-2023-6205)

Clickjacking permission prompts using the fullscreen transition.

Use-after-free in ReadableByteStreamQueueEntry::Buffer. (CVE-2023-6207)

Using Selection API would copy contents into X11 primary selection.

Incorrect parsing of relative URLs starting with "///". (CVE-2023-6209)

Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and
Thunderbird 115.5. (CVE-2023-6212)