Bugzilla – Bug 1215814
VUL-0: MozillaFirefox: update to 118.0.1 and 115.3.1esr
Last modified: 2024-01-24 15:29:53 UTC
Security Vulnerability fixed in Firefox 118.0.1, Firefox ESR 115.3.1, Firefox for Android 118.1.0, and Firefox Focus for Android 118.1.0.

CVE-2023-5217: Heap buffer overflow in libvpx

Reporter: Clément Lecigne of Google's Threat Analysis Group
Impact: critical

Description: Specific handling of an attacker-controlled VP8 media stream could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild.

References:
Bug https://www.cve.org/CVERecord?id=CVE-2023-5217
Bug https://bugzilla.mozilla.org/show_bug.cgi?id=1855550
Bug https://bugs.chromium.org/p/chromium/issues/detail?id=1486441

References: https://www.mozilla.org/en-US/security/advisories/mfsa2023-44/
CVE-2023-5217 is bug 1215778 for libvpx
This is an autogenerated message for OBS integration: This bug (1215814) was mentioned in https://build.opensuse.org/request/show/1114282 Factory / MozillaFirefox
This is an autogenerated message for OBS integration: This bug (1215814) was mentioned in https://build.opensuse.org/request/show/1114452 Factory / MozillaThunderbird
SUSE-SU-2023:3941-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215814
CVE References: CVE-2023-5217
Sources used:
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.3.1-150000.150.110.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): MozillaFirefox-115.3.1-150000.150.110.1
SUSE CaaS Platform 4.0 (src): MozillaFirefox-115.3.1-150000.150.110.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.3.1-150000.150.110.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3950-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215814
CVE References: CVE-2023-5217
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.3.1-112.185.1
SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.3.1-112.185.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.3.1-112.185.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.3.1-112.185.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:3949-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1215814
CVE References: CVE-2023-5217
Sources used:
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): MozillaFirefox-115.3.1-150200.152.111.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.3.1-150200.152.111.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.3.1-150200.152.111.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.3.1-150200.152.111.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.3.1-150200.152.111.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.3.1-150200.152.111.1
SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.3.1-150200.152.111.1
openSUSE Leap 15.4 (src): MozillaFirefox-115.3.1-150200.152.111.1
openSUSE Leap 15.5 (src): MozillaFirefox-115.3.1-150200.152.111.1
Desktop Applications Module 15-SP4 (src): MozillaFirefox-115.3.1-150200.152.111.1
Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.3.1-150200.152.111.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.3.1-150200.152.111.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4016-1: An update that solves six vulnerabilities can now be installed.

Category: security (critical)
Bug References: 1210168, 1215309, 1215575, 1215814
CVE References: CVE-2023-5168, CVE-2023-5169, CVE-2023-5171, CVE-2023-5174, CVE-2023-5176, CVE-2023-5217
Sources used:
openSUSE Leap 15.4 (src): MozillaThunderbird-115.3.1-150200.8.133.1
openSUSE Leap 15.5 (src): MozillaThunderbird-115.3.1-150200.8.133.1
SUSE Package Hub 15 15-SP4 (src): MozillaThunderbird-115.3.1-150200.8.133.1
SUSE Package Hub 15 15-SP5 (src): MozillaThunderbird-115.3.1-150200.8.133.1
SUSE Linux Enterprise Workstation Extension 15 SP4 (src): MozillaThunderbird-115.3.1-150200.8.133.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): MozillaThunderbird-115.3.1-150200.8.133.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done