exploitDog

SUSE-SU-2023:2960-1

Опубликовано: 25 июл. 2023

Источник: suse-cvrf

Описание

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues:

Firefox Extended Support Release 115.0.2 ESR (MFSA 2023-26, bsc#1213230)

Security fixes:

CVE-2023-3600: Fixed use-after-free in workers (bmo#1839703)

Other fixes:

Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL (bmo#1841751)
Fixed a bug with displaying a caret in the text editor on some websites (bmo#1840804)
Fixed a bug with broken audio rendering on some websites (bmo#1841982)
Fixed a bug with patternTransform translate using the wrong units (bmo#1840746)
Fixed a crash affecting Windows 7 users related to the DLL blocklist.

Firefox Extended Support Release 115.0.1 ESR

Fixed a startup crash for Windows users with Kingsoft Antivirus software installed (bmo#1837242)

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

MozillaFirefox-115.0.2-150000.150.94.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

MozillaFirefox-115.0.2-150000.150.94.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

MozillaFirefox-115.0.2-150000.150.94.1

MozillaFirefox-devel-115.0.2-150000.150.94.1

MozillaFirefox-translations-common-115.0.2-150000.150.94.1

MozillaFirefox-translations-other-115.0.2-150000.150.94.1

SUSE Linux Enterprise Server 15 SP1-LTSS

MozillaFirefox-115.0.2-150000.150.94.1

MozillaFirefox-devel-115.0.2-150000.150.94.1

MozillaFirefox-translations-common-115.0.2-150000.150.94.1

MozillaFirefox-translations-other-115.0.2-150000.150.94.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

MozillaFirefox-115.0.2-150000.150.94.1

MozillaFirefox-devel-115.0.2-150000.150.94.1

MozillaFirefox-translations-common-115.0.2-150000.150.94.1

MozillaFirefox-translations-other-115.0.2-150000.150.94.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232960-1/
Link for SUSE-SU-2023:2960-1
https://lists.suse.com/pipermail/sle-security-updates/2023-July/015618.html
E-Mail link for SUSE-SU-2023:2960-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1213230
SUSE Bug 1213230
https://www.suse.com/security/cve/CVE-2023-3600/
SUSE CVE CVE-2023-3600 page

Описание

During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.

Затронутые продукты

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-115.0.2-150000.150.94.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-115.0.2-150000.150.94.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0.2-150000.150.94.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0.2-150000.150.94.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-3600.html
CVE-2023-3600
https://bugzilla.suse.com/1213230
SUSE Bug 1213230