SUSE-SU-2023:0111-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89048146 | Date: (C)2023-02-02 (M)2024-03-27 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: - Updated to version 102.7.0 ESR : - CVE-2022-46871: Updated an out of date library which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab. - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers. - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks. - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives. - CVE-2023-23605: Fixed several memory safety bugs.
Platform: |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |