Bugzilla – Bug 1213746
VUL-0: MozillaFirefox / MozillaThunderbird: update to 116 and 115.1esr
Last modified: 2024-01-24 15:29:52 UTC
- Mozilla Firefox 116
  MFSA 2023-29
  * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager
  * CVE-2023-4051 (bmo#1821884) Full screen notification obscured by file open dialog
  * CVE-2023-4052 (bmo#1824420) File deletion and privilege escalation through Firefox uninstaller
  * CVE-2023-4053 (bmo#1839079) Full screen notification obscured by external program
  * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files
  * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state
  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
  * CVE-2023-4057 (bmo#1841682) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
  * CVE-2023-4058 (bmo#1819160, bmo#1828024) Memory safety bugs fixed in Firefox 116
- Mozilla Firefox ESR 115.1
  MFSA 2023-31
  * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager
  * CVE-2023-4052 (bmo#1824420) File deletion and privilege escalation through Firefox uninstaller
  * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files
  * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state
  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
  * CVE-2023-4057 (bmo#1841682) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
SUSE-SU-2023:3163-1: An update that solves 11 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1213657, 1213746
CVE References: CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4052, CVE-2023-4054, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057
Sources used:
  SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.1.0-150000.150.97.1
  SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.1.0-150000.150.97.1
  SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): MozillaFirefox-115.1.0-150000.150.97.1
  SUSE CaaS Platform 4.0 (src): MozillaFirefox-115.1.0-150000.150.97.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3162-1: An update that solves 11 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1213657, 1213746
CVE References: CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4052, CVE-2023-4054, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057
Sources used:
  openSUSE Leap 15.4 (src): MozillaFirefox-115.1.0-150200.152.99.1
  openSUSE Leap 15.5 (src): MozillaFirefox-115.1.0-150200.152.99.1
  Desktop Applications Module 15-SP4 (src): MozillaFirefox-115.1.0-150200.152.99.1
  Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.1.0-150200.152.99.1
  SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.1.0-150200.152.99.1
  SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): MozillaFirefox-115.1.0-150200.152.99.1
  SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.1.0-150200.152.99.1
  SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.1.0-150200.152.99.1
  SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.1.0-150200.152.99.1
  SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.1.0-150200.152.99.1
  SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.1.0-150200.152.99.1
  SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.1.0-150200.152.99.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3161-1: An update that solves 11 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1213657, 1213746
CVE References: CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4052, CVE-2023-4054, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057
Sources used:
  SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.1.0-112.173.1
  SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): MozillaFirefox-115.1.0-112.173.1
  SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.1.0-112.173.1
  SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.1.0-112.173.1
  SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.1.0-112.173.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
- Mozilla Thunderbird 102.14
  MFSA 2023-32
  * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager
  * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files
  * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state
  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
- Mozilla Thunderbird 115.1
  MFSA 2023-33
  * CVE-2023-4045 (bmo#1833876) Offscreen Canvas could have bypassed cross-origin restrictions
  * CVE-2023-4046 (bmo#1837686) Incorrect value used during WASM compilation
  * CVE-2023-4047 (bmo#1839073) Potential permissions request bypass via clickjacking
  * CVE-2023-4048 (bmo#1841368) Crash in DOMParser due to out-of-memory conditions
  * CVE-2023-4049 (bmo#1842658) Fix potential race conditions when releasing platform objects
  * CVE-2023-4050 (bmo#1843038) Stack buffer overflow in StorageManager
  * CVE-2023-4052 (bmo#1824420) File deletion and privilege escalation through Firefox uninstaller
  * CVE-2023-4054 (bmo#1840777) Lack of warning when opening appref-ms files
  * CVE-2023-4055 (bmo#1782561) Cookie jar overflow caused unexpected cookie jar state
  * CVE-2023-4056 (bmo#1820587, bmo#1824634, bmo#1839235, bmo#1842325, bmo#1843847) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14
  * CVE-2023-4057 (bmo#1841682) Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1
This is an autogenerated message for OBS integration: This bug (1213746) was mentioned in https://build.opensuse.org/request/show/1102113 Factory / MozillaThunderbird
This is an autogenerated message for OBS integration: This bug (1213746) was mentioned in https://build.opensuse.org/request/show/1102301 Factory / MozillaFirefox
This is an autogenerated message for OBS integration: This bug (1213746) was mentioned in https://build.opensuse.org/request/show/1102415 Factory / MozillaFirefox
SUSE-SU-2023:3228-1: An update that solves 11 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1213657, 1213746
CVE References: CVE-2023-4045, CVE-2023-4046, CVE-2023-4047, CVE-2023-4048, CVE-2023-4049, CVE-2023-4050, CVE-2023-4052, CVE-2023-4054, CVE-2023-4055, CVE-2023-4056, CVE-2023-4057
Sources used:
  openSUSE Leap 15.5 (src): MozillaThunderbird-115.1.0-150200.8.127.1
  SUSE Package Hub 15 15-SP4 (src): MozillaThunderbird-115.1.0-150200.8.127.1
  SUSE Package Hub 15 15-SP5 (src): MozillaThunderbird-115.1.0-150200.8.127.1
  SUSE Linux Enterprise Workstation Extension 15 SP4 (src): MozillaThunderbird-115.1.0-150200.8.127.1
  SUSE Linux Enterprise Workstation Extension 15 SP5 (src): MozillaThunderbird-115.1.0-150200.8.127.1
  openSUSE Leap 15.4 (src): MozillaThunderbird-115.1.0-150200.8.127.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1213746) was mentioned in https://build.opensuse.org/request/show/1103536 Factory / MozillaFirefox
SUSE-SU-2023:3562-1: An update that solves 13 vulnerabilities can now be installed.
Category: security (important)
Bug References: 1213746, 1214606
CVE References: CVE-2023-4051, CVE-2023-4053, CVE-2023-4574, CVE-2023-4575, CVE-2023-4576, CVE-2023-4577, CVE-2023-4578, CVE-2023-4580, CVE-2023-4581, CVE-2023-4582, CVE-2023-4583, CVE-2023-4584, CVE-2023-4585
Sources used:
  SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.2.0-150000.150.100.1
  SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.2.0-150000.150.100.1
  SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): MozillaFirefox-115.2.0-150000.150.100.1
  SUSE CaaS Platform 4.0 (src): MozillaFirefox-115.2.0-150000.150.100.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done