firefox-102.15.0-1.el9.ML.1

エラータID: AXSA:2023-6389:32

Release date: 
Thursday, September 7, 2023 - 09:39
Subject: 
firefox-102.15.0-1.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.15.0 ESR.

Security Fix(es):

* Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)
* Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)
* Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)
* Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)
* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)
* Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585)
* Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)
* Mozilla: Full screen notification obscured by external program (CVE-2023-4053)
* Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578)
* Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)
* Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)
* Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-4051
A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
CVE-2023-4053
A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.
CVE-2023-4573
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4574
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4575
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4577
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4578
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4580
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4581
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4583
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4584
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2023-4585
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. firefox-102.15.0-1.el9.ML.1.src.rpm
    MD5: 77dfada9383f5127b157bc2f703710ba
    SHA-256: 5838aeb6b75c5a526a4b3f80f41ffc44259121457e21bdf016e4f79ce0e115a0
    Size: 595.06 MB

Asianux Server 9 for x86_64
  1. firefox-102.15.0-1.el9.ML.1.x86_64.rpm
    MD5: f8f531ec045e5736b38663851362ca62
    SHA-256: b5a895dcecf166f6d2efa10ac1ffd156c6a34294477e0db2fc24e61d3137fbf3
    Size: 107.09 MB
  2. firefox-x11-102.15.0-1.el9.ML.1.x86_64.rpm
    MD5: 080aae58bcecc8f446cb6c82bf43627b
    SHA-256: 2c192d8a755dc772cdcadc47a0cd04f6a56b737cae59db23a73fcd2b1dd2c190
    Size: 14.49 kB