[ALSA-2023:4468] Important: firefox security update
Release date:
TODO: add package description This update upgrades Firefox to version 102.14.0 ESR. Security Fix(es): * Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions (CVE-2023-4045) * Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-4047) * Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048) * Mozilla: Fix potential race conditions when releasing platform objects (CVE-2023-4049) * Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050) * Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056) * Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1 (CVE-2023-4057) * Mozilla: Cookie jar overflow caused unexpected cookie jar state (CVE-2023-4055) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 firefox-102.14.0-1.el8_8.alma.aarch64.rpm dfe536c8bf222198081a7cbfac4b4e8be4f09ec56a572c3b0a77eef270866ba6
ppc64le firefox-102.14.0-1.el8_8.alma.ppc64le.rpm bb40461b5566e91fbf816c1e916b4d3fe64a1abf0801b38515ea3c8a8e86dbe1
s390x firefox-102.14.0-1.el8_8.alma.s390x.rpm 28967002408329d0a08c4e1ebb38c3893d778e69a57de41db1ca24ba77cbf976
x86_64 firefox-102.14.0-1.el8_8.alma.x86_64.rpm 5cb1ec451909dacad4c7bafb1a8b40b6ebda59c08d0a9e7ada418d59f87aeb73
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.