[ALSA-2023:6188] Important: firefox security update
Release date:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.4.0 ESR. Security Fix(es): * Mozilla: Queued up rendering could have allowed websites to clickjack (CVE-2023-5721) * Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4 (CVE-2023-5730) * libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488) * Mozilla: Large WebGL draw could have led to a crash (CVE-2023-5724) * Mozilla: WebExtensions could open arbitrary URLs (CVE-2023-5725) * Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728) * Mozilla: Address bar spoofing via bidirectional characters (CVE-2023-5732) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 firefox-x11-115.4.0-1.el9_2.alma.1.aarch64.rpm bfa457daa847814cc2bd868d3ebc9d9aa8ec1fa7ad418a62aa04b179032f28c8
aarch64 firefox-115.4.0-1.el9_2.alma.1.aarch64.rpm dd33c1573212cf687dd13b5550aff1be149c9412159156594ff324ea48c5754e
ppc64le firefox-115.4.0-1.el9_2.alma.1.ppc64le.rpm 1eab9af0994f43dce15e69df3932551e5691b82b53113f9440c697548e2a22a1
ppc64le firefox-x11-115.4.0-1.el9_2.alma.1.ppc64le.rpm 3f4b9309922794dab79796bf52c025c3302c310d79b8f843c89a8206af514a8f
s390x firefox-115.4.0-1.el9_2.alma.1.s390x.rpm 86880ffb7f3aed02ea9b1f3d4a21da0cf4cc5ce42bd3a0695ff1520d2e76431f
s390x firefox-x11-115.4.0-1.el9_2.alma.1.s390x.rpm 8c48c2d54df6a972776fa67964a781d32d60d8935a90ba1a1e8a13691cadffbd
x86_64 firefox-x11-115.4.0-1.el9_2.alma.1.x86_64.rpm 46f129bf720ad973b78d0e69ad275555eb35be2d3fdde4167b471e0627a3ab6b
x86_64 firefox-115.4.0-1.el9_2.alma.1.x86_64.rpm a476c0403b8f38c269c37653929874d29f6be77a298c8846eb81929f7d17d57f
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.