[ALSA-2024:0012] Important: firefox security update
Release date:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.6.0 ESR. Security Fix(es): * Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (CVE-2023-6856) * Mozilla: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6 (CVE-2023-6864) * Mozilla: Potential exposure of uninitialized data in EncryptingOutputStream (CVE-2023-6865) * Mozilla: Symlinks may resolve to smaller than expected buffers (CVE-2023-6857) * Mozilla: Heap buffer overflow in nsTextFragment (CVE-2023-6858) * Mozilla: Use-after-free in PR_GetIdentitiesLayer (CVE-2023-6859) * Mozilla: Potential sandbox escape due to VideoBridge lack of texture validation (CVE-2023-6860) * Mozilla: Heap buffer overflow affected nsWindow::PickerOpen(void) in headless mode (CVE-2023-6861) * Mozilla: Use-after-free in nsDNSService (CVE-2023-6862) * Mozilla: Clickjacking permission prompts using the popup transition (CVE-2023-6867) * Mozilla: Undefined behavior in ShutdownObserver() (CVE-2023-6863) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 firefox-115.6.0-1.el8_9.alma.aarch64.rpm 45c4419c7b8210b8fbfe75b25a73af8a90b9b0c3ce2f027c3cbc652bf29f4570
ppc64le firefox-115.6.0-1.el8_9.alma.ppc64le.rpm 73c33819f68b913e568552bdb6cc3122b079c5dfb9a05d32fb90e98042564052
s390x firefox-115.6.0-1.el8_9.alma.s390x.rpm ca25974d6f14535518ceef6af1e395aafa2a8d95c3ca3453d2417f1d0573674b
x86_64 firefox-115.6.0-1.el8_9.alma.x86_64.rpm e74079bac988d4d6e9400e71a39db579e2758386a599f40241d9bb663078c51d
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.