Описание
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues:
-
Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974).
- CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).
- CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).
- CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).
- CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).
- CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).
- CVE-2023-6861: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (bmo#1864118).
- CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).
- CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).
- CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.
- CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123).
- CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863).
-
Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230)
- CVE-2023-6204 (bmo#1841050) Out-of-bound memory access in WebGL2 blitFramebuffer
- CVE-2023-6205 (bmo#1854076) Use-after-free in MessagePort::Entangled
- CVE-2023-6206 (bmo#1857430) Clickjacking permission prompts using the fullscreen transition
- CVE-2023-6207 (bmo#1861344) Use-after-free in ReadableByteStreamQueueEntry::Buffer
- CVE-2023-6208 (bmo#1855345) Using Selection API would copy contents into X11 primary selection.
- CVE-2023-6209 (bmo#1858570) Incorrect parsing of relative URLs starting with '///'
- CVE-2023-6212 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782) Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5
Список пакетов
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP4-SAP-Azure-LI-BYOS
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
Image SLES15-SP4-SAP-Azure-VLI-BYOS
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP5-SAP-Azure-LI-BYOS
Image SLES15-SP5-SAP-Azure-LI-BYOS-Production
Image SLES15-SP5-SAP-Azure-VLI-BYOS
Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production
Image SLES15-SP6-SAP-Azure-LI-BYOS
Image SLES15-SP6-SAP-Azure-LI-BYOS-Production
Image SLES15-SP6-SAP-Azure-VLI-BYOS
Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
SUSE Linux Enterprise Real Time 15 SP4
SUSE Linux Enterprise Server 15 SP2-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
openSUSE Leap 15.4
openSUSE Leap 15.5
Ссылки
- Link for SUSE-SU-2023:4928-1
- E-Mail link for SUSE-SU-2023:4928-1
- SUSE Security Ratings
- SUSE Bug 1217230
- SUSE Bug 1217974
- SUSE CVE CVE-2023-6204 page
- SUSE CVE CVE-2023-6205 page
- SUSE CVE CVE-2023-6206 page
- SUSE CVE CVE-2023-6207 page
- SUSE CVE CVE-2023-6208 page
- SUSE CVE CVE-2023-6209 page
- SUSE CVE CVE-2023-6212 page
- SUSE CVE CVE-2023-6856 page
- SUSE CVE CVE-2023-6857 page
- SUSE CVE CVE-2023-6858 page
- SUSE CVE CVE-2023-6859 page
- SUSE CVE CVE-2023-6860 page
- SUSE CVE CVE-2023-6861 page
- SUSE CVE CVE-2023-6862 page
- SUSE CVE CVE-2023-6863 page
Описание
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Затронутые продукты
Ссылки
- CVE-2023-6204
- SUSE Bug 1217230
Описание
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Затронутые продукты
Ссылки
- CVE-2023-6205
- SUSE Bug 1217230
Описание
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Затронутые продукты
Ссылки
- CVE-2023-6206
- SUSE Bug 1217230
Описание
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Затронутые продукты
Ссылки
- CVE-2023-6207
- SUSE Bug 1217230
Описание
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Затронутые продукты
Ссылки
- CVE-2023-6208
- SUSE Bug 1217230
Описание
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Затронутые продукты
Ссылки
- CVE-2023-6209
- SUSE Bug 1217230
Описание
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Затронутые продукты
Ссылки
- CVE-2023-6212
- SUSE Bug 1217230
Описание
The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6856
- SUSE Bug 1217974
Описание
When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6857
- SUSE Bug 1217974
Описание
Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6858
- SUSE Bug 1217974
Описание
A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6859
- SUSE Bug 1217974
Описание
The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6860
- SUSE Bug 1217974
Описание
The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6861
- SUSE Bug 1217974
Описание
A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability affects Firefox ESR < 115.6 and Thunderbird < 115.6.
Затронутые продукты
Ссылки
- CVE-2023-6862
- SUSE Bug 1217974
Описание
The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6863
- SUSE Bug 1217974
Описание
Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6864
- SUSE Bug 1217974
Описание
`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6865
- SUSE Bug 1217974
Описание
The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.
Затронутые продукты
Ссылки
- CVE-2023-6867
- SUSE Bug 1217974