RLSA-2023:4952 --- firefoxID: oval:org.secpod.oval:def:4501488 | Date: (C)2023-10-13 (M)2024-02-19 |
Class: PATCH | Family: unix |
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.15.0 ESR. Security Fix: * Mozilla: Memory corruption in IPC CanvasTranslator * Mozilla: Memory corruption in IPC ColorPickerShownCallback * Mozilla: Memory corruption in IPC FilePickerShownCallback * Mozilla: Memory corruption in JIT UpdateRegExpStatics * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 * Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 * Mozilla: Full screen notification obscured by file open dialog * Mozilla: Full screen notification obscured by external program * Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception * Mozilla: Push notifications saved to disk unencrypted * Mozilla: XLL file extensions were downloadable without warnings * Mozilla: Browsing Context potentially not cleared when closing Private Window For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.