CESA-2023:0296 -- centos 7 firefox
ID: oval:org.secpod.oval:def:205997 | Date: (C)2023-02-07 (M)2024-03-27 |
Class: PATCH | Family: unix |
Security Fix:
Mozilla: libusrsctp library out of date
Mozilla: Arbitrary file read from GTK drag and drop on Linux
Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
Mozilla: Malicious command could be hidden in devtools output
Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
Mozilla: Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
Mozilla: Fullscreen notification bypass
Mozilla: Calls to console.log allowed bypassing Content Security Policy via format directive

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.