RLSA-2023:0808 --- firefox
ID: oval:org.secpod.oval:def:4501216 | Date: (C)2023-03-13 (M)2024-03-27 |
Class: PATCH | Family: unix |

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.8.0 ESR.

Security Fix:
* Mozilla: Arbitrary memory write via PKCS 12 in NSS
* Mozilla: Content security policy leak in violation reports using iframes
* Mozilla: Screen hijack via browser fullscreen mode
* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey
* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry
* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext
* Mozilla: Fullscreen notification not shown in Firefox Focus
* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8
* Mozilla: Extensions could have opened external schemes without user knowledge
* Mozilla: Out of bounds memory write from EncodeInputStream
* Mozilla: Web Crypto ImportKey crashes tab

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.