SUSE-SU-2023:4929-1 -- SLES MozillaFirefox
ID: oval:org.secpod.oval:def:89051277 | Date: (C)2024-01-23 (M)2024-02-08 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 115.6.0 ESR changelog-entry
* CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver.
* CVE-2023-6857: Symlinks may resolve to smaller than expected buffers.
* CVE-2023-6858: Heap buffer overflow in nsTextFragment.
* CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer.
* CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation.
* CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen in headless mode.
* CVE-2023-6862: Use-after-free in nsDNSService.
* CVE-2023-6863: Undefined behavior in ShutdownObserver.
* CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
* CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream.
* CVE-2023-6867: Clickjacking permission prompts using the popup transition.

Fixed: Various security fixes and other quality improvements MFSA 2023-50
* CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer
* CVE-2023-6205: Use-after-free in MessagePort::Entangled
* CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition
* CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer
* CVE-2023-6208: Using Selection API would copy contents into X11 primary selection.
* CVE-2023-6209: Incorrect parsing of relative URLs starting with "///"
* CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
Platform: |
SUSE Linux Enterprise Server 15 SP1 |