Bugzilla – Bug 1216338
VUL-0: MozillaFirefox / MozillaThunderbird: update to 119 and 115.4esr
Last modified: 2024-01-24 15:29:53 UTC
Security Vulnerabilities fixed in Firefox 119: - CVE-2023-5721: Queued up rendering could have allowed websites to clickjack - CVE-2023-5722: Cross-Origin size and header leakage - CVE-2023-5723: Invalid cookie characters could have led to unexpected errors - CVE-2023-5724: Large WebGL draw could have led to a crash - CVE-2023-5725: WebExtensions could open arbitrary URLs - CVE-2023-5726: Full screen notification obscured by file open dialog on macOS - CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows - CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash. - CVE-2023-5729: Fullscreen notification dialog could have been obscured by WebAuthn prompts - CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4 - CVE-2023-5731: Memory safety bugs fixed in Firefox 119 https://www.mozilla.org/en-US/security/advisories/mfsa2023-45/
- Mozilla Firefox ESR 115.4 MFSA 2023-46 * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5732 (bmo#1690979, bmo#1836962) Address bar spoofing via bidirectional characters * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1 - Mozilla Thunderbird 115.4.1 MFSA 2023-47 * CVE-2023-5721 (bmo#1830820) Queued up rendering could have allowed websites to clickjack * CVE-2023-5732 (bmo#1690979, bmo#1836962) Address bar spoofing via bidirectional characters * CVE-2023-5724 (bmo#1836705) Large WebGL draw could have led to a crash * CVE-2023-5725 (bmo#1845739) WebExtensions could open arbitrary URLs * CVE-2023-5726 (bmo#1846205) Full screen notification obscured by file open dialog on macOS * CVE-2023-5727 (bmo#1847180) Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows * CVE-2023-5728 (bmo#1852729) Improper object tracking during GC in the JavaScript engine could have led to a crash. * CVE-2023-5730 (bmo#1836607, bmo#1840918, bmo#1848694, bmo#1848833, bmo#1850191, bmo#1850259, bmo#1852596, bmo#1853201, bmo#1854002, bmo#1855306, bmo#1855640, bmo#1856695) Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1
This is an autogenerated message for OBS integration: This bug (1216338) was mentioned in https://build.opensuse.org/request/show/1120173 Factory / MozillaThunderbird
SUSE-SU-2023:4214-1: An update that solves 11 vulnerabilities can now be installed. Category: security (important) Bug References: 1216338 CVE References: CVE-2023-5721, CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731 Sources used: openSUSE Leap 15.4 (src): MozillaFirefox-115.4.0-150200.152.114.1 openSUSE Leap 15.5 (src): MozillaFirefox-115.4.0-150200.152.114.1 Desktop Applications Module 15-SP4 (src): MozillaFirefox-115.4.0-150200.152.114.1 Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.4.0-150200.152.114.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.4.0-150200.152.114.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): MozillaFirefox-115.4.0-150200.152.114.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.4.0-150200.152.114.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.4.0-150200.152.114.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.4.0-150200.152.114.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.4.0-150200.152.114.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.4.0-150200.152.114.1 SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.4.0-150200.152.114.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4213-1: An update that solves 11 vulnerabilities can now be installed. Category: security (important) Bug References: 1216338 CVE References: CVE-2023-5721, CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.4.0-150000.150.113.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.4.0-150000.150.113.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): MozillaFirefox-115.4.0-150000.150.113.1 SUSE CaaS Platform 4.0 (src): MozillaFirefox-115.4.0-150000.150.113.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4212-1: An update that solves 11 vulnerabilities can now be installed. Category: security (important) Bug References: 1216338 CVE References: CVE-2023-5721, CVE-2023-5722, CVE-2023-5723, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5729, CVE-2023-5730, CVE-2023-5731 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.4.0-112.188.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.4.0-112.188.1 SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.4.0-112.188.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.4.0-112.188.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4302-1: An update that solves eight vulnerabilities can now be installed. Category: security (important) Bug References: 1216338 CVE References: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732 Sources used: openSUSE Leap 15.4 (src): MozillaThunderbird-115.4.1-150200.8.136.1 openSUSE Leap 15.5 (src): MozillaThunderbird-115.4.1-150200.8.136.1 SUSE Package Hub 15 15-SP4 (src): MozillaThunderbird-115.4.1-150200.8.136.1 SUSE Package Hub 15 15-SP5 (src): MozillaThunderbird-115.4.1-150200.8.136.1 SUSE Linux Enterprise Workstation Extension 15 SP4 (src): MozillaThunderbird-115.4.1-150200.8.136.1 SUSE Linux Enterprise Workstation Extension 15 SP5 (src): MozillaThunderbird-115.4.1-150200.8.136.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4533-1: An update that solves eight vulnerabilities can now be installed. Category: security (important) Bug References: 1216338, 1217230 CVE References: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.5.0-150000.150.116.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.5.0-150000.150.116.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): MozillaFirefox-115.5.0-150000.150.116.1 SUSE CaaS Platform 4.0 (src): MozillaFirefox-115.5.0-150000.150.116.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4532-1: An update that solves eight vulnerabilities can now be installed. Category: security (important) Bug References: 1216338, 1217230 CVE References: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.5.0-112.191.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.5.0-112.191.1 SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.5.0-112.191.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.5.0-112.191.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:4551-1: An update that solves eight vulnerabilities can now be installed. Category: security (important) Bug References: 1216338, 1217230 CVE References: CVE-2023-5721, CVE-2023-5724, CVE-2023-5725, CVE-2023-5726, CVE-2023-5727, CVE-2023-5728, CVE-2023-5730, CVE-2023-5732 Sources used: openSUSE Leap 15.4 (src): MozillaFirefox-115.5.0-150200.152.117.1 openSUSE Leap 15.5 (src): MozillaFirefox-115.5.0-150200.152.117.1 Desktop Applications Module 15-SP4 (src): MozillaFirefox-115.5.0-150200.152.117.1 Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.5.0-150200.152.117.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.5.0-150200.152.117.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): MozillaFirefox-115.5.0-150200.152.117.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.5.0-150200.152.117.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.5.0-150200.152.117.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.5.0-150200.152.117.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.5.0-150200.152.117.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.5.0-150200.152.117.1 SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.5.0-150200.152.117.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
done