SUSE-SU-2023:4551-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89051169 | Date: (C)2024-01-23 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: * Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack * CVE-2023-5732: Address bar spoofing via bidirectional characters * CVE-2023-5724: Large WebGL draw could have led to a crash * CVE-2023-5725: WebExtensions could open arbitrary URLs * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1
Platform: |
SUSE Linux Enterprise Desktop 15 SP4 |
SUSE Linux Enterprise Desktop 15 SP5 |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP3 |