exploitDog

SUSE-SU-2023:2958-1

Опубликовано: 25 июл. 2023

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox was updated to version 115.0.2 ESR (bsc#1213230):

CVE-2023-3600: Fixed Use-after-free in workers (bmo#1839703).

Bugfixes:

Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751).
Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804).
Fixed a bug with broken audio rendering on some websites (bmo#1841982).
Fixed a bug with patternTransform translate using the wrong units (bmo#1840746).
Fixed a crash affecting Windows 7 users related to the DLL blocklist.
Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242).

Список пакетов

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-115.0.2-150200.152.96.1

SUSE Enterprise Storage 7

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Enterprise Storage 7.1

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP5

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise Real Time 15 SP3

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise Server 15 SP2-LTSS

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise Server 15 SP3-LTSS

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

openSUSE Leap 15.4

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-branding-upstream-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

openSUSE Leap 15.5

MozillaFirefox-115.0.2-150200.152.96.1

MozillaFirefox-branding-upstream-115.0.2-150200.152.96.1

MozillaFirefox-devel-115.0.2-150200.152.96.1

MozillaFirefox-translations-common-115.0.2-150200.152.96.1

MozillaFirefox-translations-other-115.0.2-150200.152.96.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232958-1/
Link for SUSE-SU-2023:2958-1
https://lists.suse.com/pipermail/sle-security-updates/2023-July/015620.html
E-Mail link for SUSE-SU-2023:2958-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1213230
SUSE Bug 1213230
https://www.suse.com/security/cve/CVE-2023-3600/
SUSE CVE CVE-2023-3600 page

Описание

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

Затронутые продукты

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production:MozillaFirefox-115.0.2-150200.152.96.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-115.0.2-150200.152.96.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-3600.html
CVE-2023-3600
https://bugzilla.suse.com/1213230
SUSE Bug 1213230

Уязвимость SUSE-SU-2023:2958-1