RLSA-2022:8554 --- firefox
ID: oval:org.secpod.oval:def:4501031 | Date: (C)2023-03-23 (M)2023-11-19 |
Class: PATCH | Family: unix |
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.5.0 ESR.

Security Fix:

* Mozilla: Service Workers might have learned size of cross-origin media files
* Mozilla: Fullscreen notification bypass
* Mozilla: Use-after-free in InputStream implementation
* Mozilla: Use-after-free of a JavaScript Realm
* Mozilla: Fullscreen notification bypass via windowName
* Mozilla: Use-after-free in Garbage Collection
* Mozilla: Memory safety bugs fixed in Firefox 107 and Firefox ESR 102.5
* Mozilla: ServiceWorker-intercepted requests bypassed SameSite cookie policy
* Mozilla: Cross-Site Tracing was possible via non-standard override headers
* Mozilla: Symlinks may resolve to partially uninitialized buffers
* Mozilla: Keystroke Side-Channel Leakage
* Mozilla: Custom mouse cursor could have been drawn over browser UI
* Mozilla: Iframe contents could be rendered outside the iframe

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.