SUSE-SU-2023:0763-1 -- SLES MozillaFirefoxID: oval:org.secpod.oval:def:89048632 | Date: (C)2023-06-13 (M)2024-03-27 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues: Update to version 102.9.0 ESR : * CVE-2023-28159: Fullscreen Notification could have been hidden by download popups on Android * CVE-2023-25748: Fullscreen Notification could have been hidden by window prompts on Android * CVE-2023-25749: Firefox for Android may have opened third-party apps without a prompt * CVE-2023-25750: Potential ServiceWorker cache leak during private browsing mode * CVE-2023-25751: Incorrect code generation during JIT compilation * CVE-2023-28160: Redirect to Web Extension files may have leaked local path * CVE-2023-28164: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation * CVE-2023-28161: One-time permissions granted to a local file were extended to other local files loaded in the same tab * CVE-2023-28162: Invalid downcast in Worklets * CVE-2023-25752: Potential out-of-bounds when accessing throttled streams * CVE-2023-28163: Windows Save As dialog resolved environment variables * CVE-2023-28176: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 * CVE-2023-28177: Memory safety bugs fixed in Firefox 111
Platform: |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |