[ALSA-2023:3143] Important: firefox security update
Type:
security
Severity:
important
Release date:
2023-05-19
Description:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.11.0 ESR. Security Fix(es): * Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205) * Mozilla: Crash in RLBox Expat driver (CVE-2023-32206) * Mozilla: Potential permissions request bypass via clickjacking (CVE-2023-32207) * Mozilla: Memory safety bugs fixed in Firefox 113 and Firefox ESR 102.11 (CVE-2023-32215) * Mozilla: Content process crash due to invalid wasm code (CVE-2023-32211) * Mozilla: Potential spoof due to obscured address bar (CVE-2023-32212) * Mozilla: Potential memory corruption in FileReader::DoReadData() (CVE-2023-32213) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 firefox-102.11.0-2.el9_2.alma.aarch64.rpm 39d50d80cdcad7dd674e11bbf598cf48c74014cce9377ec6b5ce203135982fef
aarch64 firefox-x11-102.11.0-2.el9_2.alma.aarch64.rpm a2879c174f3a71ec17891f45e6f3ece527ff61d1ee6054cc1af59e730d294053
ppc64le firefox-102.11.0-2.el9_2.alma.ppc64le.rpm c06201cadec10ef081a04c096f02855ba842e2fd1b4d95619e181ae25111eaca
ppc64le firefox-x11-102.11.0-2.el9_2.alma.ppc64le.rpm f28e4817d67e9ba23dfd87703c86d9c6054babcfaa39c01eda1d0f0a6d8aab32
s390x firefox-102.11.0-2.el9_2.alma.s390x.rpm 10aa3a96657333c7f960b10bbb61223cb1fae3ecc331288f30a48750e8260345
s390x firefox-x11-102.11.0-2.el9_2.alma.s390x.rpm 5080a2801b2ba3f4f93fd0d8342549c7041d128800da6423c8ce41bd6a566547
x86_64 firefox-x11-102.11.0-2.el9_2.alma.x86_64.rpm a1105c3b6d6f5ec8abd3440456e7be1fce27d772602e0c16fdf65f5494729a5a
x86_64 firefox-102.11.0-2.el9_2.alma.x86_64.rpm e3935eeb3b8c706b85c0f001318989af42b0452f0b3d425a3ab780112fcb9afe
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.