[ALSA-2023:0810] Important: firefox security update
Type: security
Severity: important
Release date: 2023-02-21
Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.8.0 ESR.

Security Fix(es):

* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 firefox-x11-102.8.0-2.el9_1.alma.aarch64.rpm 1d798bd20d2113dc97f13a8f7117f36bfa8e3c766ef61f52f3ad42e9f956d66f
aarch64 firefox-102.8.0-2.el9_1.alma.aarch64.rpm f9dd4789469debc57b6205d2e3d9ce618ef0ccdbc5cfbf1f98d34d9a8f5ca44a
ppc64le firefox-x11-102.8.0-2.el9_1.alma.ppc64le.rpm a954db8ae23c5c20e3a0346ba9722981dccb2741dc88159a7f29343f137b0337
ppc64le firefox-102.8.0-2.el9_1.alma.ppc64le.rpm adfc4e1caf74711e71ea4d09b24d7dfdc8940a29e0d46b19d20ad9f95d4928dd
s390x firefox-102.8.0-2.el9_1.alma.s390x.rpm 0f650f6200d87c19090dff70d100be510c58dc8de3a4cc509cf353ab77ce0777
s390x firefox-x11-102.8.0-2.el9_1.alma.s390x.rpm 1061182b0b8d2bf182c9818f66778907af0355f3e8fad28c0b4986f1b394066a
x86_64 firefox-x11-102.8.0-2.el9_1.alma.x86_64.rpm 4d7e425479e4ad3194eececce2e6ee9542351d90d3ef0ca4c4111f7c70a2cbbc
x86_64 firefox-102.8.0-2.el9_1.alma.x86_64.rpm 6347aa4980a80ae3b3735a32fdef6b52eef3077b021bd132f50ab8cd65798d22
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.