Advisories » MGASA-2023-0342

Updated firefox packages fix security vulnerabilities

Publication date: 08 Dec 2023
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-6204, CVE-2023-6205, CVE-2023-6206, CVE-2023-6207, CVE-2023-6208, CVE-2023-6209, CVE-2023-6212

Description

The updated packages fix security vulnerabilities.

Out-of-bound memory access in WebGL2 blitFramebuffer. (CVE-2023-6204)

Use-after-free in MessagePort::Entangled. (CVE-2023-6205)

Clickjacking permission prompts using the fullscreen transition.
(CVE-2023-6206)

Use-after-free in ReadableByteStreamQueueEntry::Buffer. (CVE-2023-6207)

Using Selection API would copy contents into X11 primary selection.
(CVE-2023-6208)

Incorrect parsing of relative URLs starting with "///". (CVE-2023-6209)

Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and
Thunderbird 115.5. (CVE-2023-6212)
                

References

SRPMS

9/core