SUSE-SU-2023:0466-1 -- SLES MozillaFirefox
ID: oval:org.secpod.oval:def:89048641 | Date: (C)2023-06-16 (M)2024-03-27 |
Class: PATCH | Family: unix |
This update for MozillaFirefox fixes the following issues:

Updated to version 102.8.0 ESR:

* CVE-2023-25728: Fixed content security policy leak in violation reports using iframes.
* CVE-2023-25730: Fixed screen hijack via browser fullscreen mode.
* CVE-2023-25743: Fixed Fullscreen notification not being shown in Firefox Focus.
* CVE-2023-0767: Fixed arbitrary memory write via PKCS 12 in NSS.
* CVE-2023-25735: Fixed potential use-after-free from compartment mismatch in SpiderMonkey.
* CVE-2023-25737: Fixed invalid downcast in SVGUtils::SetupStrokeGeometry.
* CVE-2023-25738: Fixed printing on Windows which could potentially crash Firefox with some device drivers.
* CVE-2023-25739: Fixed use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext.
* CVE-2023-25729: Fixed extensions opening external schemes without user knowledge.
* CVE-2023-25732: Fixed out of bounds memory write from EncodeInputStream.
* CVE-2023-25734: Fixed opening local .url files that causes unexpected network loads.
* CVE-2023-25742: Fixed tab crash by Web Crypto ImportKey.
* CVE-2023-25744: Fixed Memory safety bugs.
* CVE-2023-25746: Fixed Memory safety bugs.
Platform: |
SUSE Linux Enterprise Server 12 SP2 |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |