Bug 1220048 - VUL-0: MozillaFirefox / MozillaThunderbird: update to 123 and 115.8esr
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/394492/
Reported: 2024-02-19 07:21 UTC by Martin Sirringhaus
Modified: 2024-03-27 08:30 UTC

Comment 2 Martin Sirringhaus 2024-02-19 13:04:18 UTC
NSS 3.90.2 and 3.98:
   - Bug 1780432 - (CVE-2023-5388) Timing attack against RSA
     decryption in TLS.
Comment 3 Marcus Meissner 2024-02-20 13:51:17 UTC
Mozilla Foundation Security Advisory 2024-06
Security Vulnerabilities fixed in Firefox ESR 115.8

Announced
    February 20, 2024
Impact
    high
Products
    Firefox ESR
Fixed in

        Firefox ESR 115.8

#CVE-2024-1546: Out-of-bounds memory read in networking channels

Reporter
    Alfred Peters
Impact
    high

Description

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.
References

    Bug 1843752

#CVE-2024-1547: Alert dialog could have been spoofed on another site

Reporter
    Irvan Kurniawan
Impact
    high

Description

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
References

    Bug 1877879

#CVE-2024-1548: Fullscreen Notification could have been hidden by select element

Reporter
    Hafiizh
Impact
    moderate

Description

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.
References

    Bug 1832627

#CVE-2024-1549: Custom cursor could obscure the permission dialog

Reporter
    Hafiizh
Impact
    moderate

Description

If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
References

    Bug 1833814

#CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants

Reporter
    Hafiizh
Impact
    moderate

Description

A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
References

    Bug 1860065

#CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts

Reporter
    Johan Carlsson
Impact
    moderate

Description

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser.
References

    Bug 1864385

#CVE-2024-1552: Incorrect code generation on 32-bit ARM devices

Reporter
    Gary Kwong
Impact
    low

Description

Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: This issue only affects 32-bit ARM devices.
References

    Bug 1874502

#CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

Reporter
    Andrew McCreight, Randell Jesup, Gabriele Svelto, Paul Bone, and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8
Comment 4 Marcus Meissner 2024-02-20 13:51:59 UTC
Mozilla Foundation Security Advisory 2024-05
Security Vulnerabilities fixed in Firefox 123

Announced
    February 20, 2024
Impact
    high
Products
    Firefox
Fixed in

        Firefox 123

#CVE-2024-1546: Out-of-bounds memory read in networking channels

Reporter
    Alfred Peters
Impact
    high

Description

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read.
References

    Bug 1843752

#CVE-2024-1547: Alert dialog could have been spoofed on another site

Reporter
    Irvan Kurniawan
Impact
    high

Description

Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown).
References

    Bug 1877879

#CVE-2024-1554: fetch could be used to effect cache poisoning

Reporter
    scarlet
Impact
    moderate

Description

The fetch() API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers fetch() may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a fetch() response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response.
References

    Bug 1816390

#CVE-2024-1548: Fullscreen Notification could have been hidden by select element

Reporter
    Hafiizh
Impact
    moderate

Description

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks.
References

    Bug 1832627

#CVE-2024-1549: Custom cursor could obscure the permission dialog

Reporter
    Hafiizh
Impact
    moderate

Description

If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions.
References

    Bug 1833814

#CVE-2024-1550: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants

Reporter
    Hafiizh
Impact
    moderate

Description

A malicious website could have used a combination of exiting fullscreen mode and requestPointerLock to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant.
References

    Bug 1860065

#CVE-2024-1551: Multipart HTTP Responses would accept the Set-Cookie header in response parts

Reporter
    Johan Carlsson
Impact
    moderate

Description

Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser.
References

    Bug 1864385

#CVE-2024-1555: SameSite cookies were not properly respected when opening a website from an external browser

Reporter
    Narendra Bhati
Impact
    moderate

Description

When opening a website using the firefox:// protocol handler, SameSite cookies were not properly respected.
References

    Bug 1873223

#CVE-2024-1556: Invalid memory access in the built-in profiler

Reporter
    Ronald Crane
Impact
    low

Description

The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running.
References

    Bug 1870414

#CVE-2024-1552: Incorrect code generation on 32-bit ARM devices

Reporter
    Gary Kwong
Impact
    low

Description

Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. Note: This issue only affects 32-bit ARM devices.
References

    Bug 1874502

#CVE-2024-1553: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

Reporter
    Andrew McCreight, Randell Jesup, Gabriele Svelto, Paul Bone, and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8

#CVE-2024-1557: Memory safety bugs fixed in Firefox 123

Reporter
    Andrew McCreight, Randell Jesup, and the Mozilla Fuzzing Team
Impact
    high

Description

Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
References

    Memory safety bugs fixed in Firefox 123
Comment 6 Maintenance Automation 2024-02-21 12:30:03 UTC
SUSE-SU-2024:0580-1: An update that solves eight vulnerabilities can now be installed.

Category: security (important)
Bug References: 1184272, 1220048
CVE References: CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
Sources used:
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.8.0-112.200.1
SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.8.0-112.200.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.8.0-112.200.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.8.0-112.200.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Maintenance Automation 2024-02-23 20:30:01 UTC
SUSE-SU-2024:0608-1: An update that solves eight vulnerabilities can now be installed.

Category: security (important)
Bug References: 1220048
CVE References: CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
Sources used:
openSUSE Leap 15.5 (src): MozillaThunderbird-115.8.0-150200.8.148.1
SUSE Package Hub 15 15-SP5 (src): MozillaThunderbird-115.8.0-150200.8.148.1
SUSE Linux Enterprise Workstation Extension 15 SP5 (src): MozillaThunderbird-115.8.0-150200.8.148.1

Comment 8 Maintenance Automation 2024-02-23 20:30:04 UTC
SUSE-SU-2024:0607-1: An update that solves eight vulnerabilities can now be installed.

Category: security (important)
Bug References: 1184272, 1220048
CVE References: CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553
Sources used:
openSUSE Leap 15.5 (src): MozillaFirefox-115.8.0-150200.152.126.3
Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): MozillaFirefox-115.8.0-150200.152.126.3
SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.8.0-150200.152.126.3

Comment 9 OBSbugzilla Bot 2024-02-25 23:35:02 UTC
This is an autogenerated message for OBS integration:
This bug (1220048) was mentioned in
https://build.opensuse.org/request/show/1150527 Factory / MozillaFirefox
Comment 11 Maintenance Automation 2024-03-27 08:30:04 UTC
SUSE-SU-2024:1002-1: An update that solves 19 vulnerabilities can now be installed.

Category: security (critical)
Bug References: 1220048, 1221327, 1221850
CVE References: CVE-2023-5388, CVE-2024-0743, CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553, CVE-2024-2605, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616, CVE-2024-29944
Maintenance Incident: [SUSE:Maintenance:32985](https://smelt.suse.de/incident/32985/)
Sources used:
openSUSE Leap 15.5 (src): MozillaFirefox-115.9.1-150200.152.131.1
Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.9.1-150200.152.131.1
