firefox-115.5.0-1.el8_9.ML.1
エラータID: AXSA:2024-7349:01
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 115.5.0 ESR.
Security Fix(es):
Mozilla: Out-of-bound memory access in WebGL2 blitFramebuffer
(CVE-2023-6204)
Mozilla: Use-after-free in MessagePort::Entangled (CVE-2023-6205)
Mozilla: Clickjacking permission prompts using the fullscreen transition
(CVE-2023-6206)
Mozilla: Use-after-free in ReadableByteStreamQueueEntry::Buffer
(CVE-2023-6207)
Mozilla: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and
Thunderbird 115.5 (CVE-2023-6212)
Mozilla: Using Selection API would copy contents into X11 primary selection.
(CVE-2023-6208)
Mozilla: Incorrect parsing of relative URLs starting with "///"
(CVE-2023-6209)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2023-6204
CVE-2023-6205
CVE-2023-6206
CVE-2023-6207
CVE-2023-6208
CVE-2023-6209
CVE-2023-6212
Update packages.
On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. *This bug only affects Firefox on X11. Other systems are unaffected.* This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. This could contribute to security problems in web sites. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5.
N/A
SRPMS
- firefox-115.5.0-1.el8_9.ML.1.src.rpm
MD5: 3bc2207209768c262af8b4d351c0d378
SHA-256: e052db0d77439962727f13a286ff3a0d2963161700ef963ffc5fe467854a4fa0
Size: 703.24 MB
Asianux Server 8 for x86_64
- firefox-115.5.0-1.el8_9.ML.1.x86_64.rpm
MD5: 5a1979a81784688be454f7e6b5752741
SHA-256: de1f024c15ea6cbc0075f98107f1c8e0e765ff3e3f0f88c40a7bd0929fbcd429
Size: 112.88 MB
日本語