Lucene search
AlmaLinuxALSA-2023:5434HistoryOct 04, 2023 - 12:00 a.m.
Important: firefox security update
2023-10-0400:00:00
errata.almalinux.org
19
mozilla
firefox
security update
cve
web browser
open-source
version 115.3.1 esr
cve-2023-3600
cve-2023-5169
cve-2023-5171
cve-2023-5176
cve-2023-5217
libvpx
unix
performance
portability
standards compliance
0.296 Low
EPSS
Percentile
96.9%
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.3.1 ESR.
Security Fix(es):
- firefox: use-after-free in workers (CVE-2023-3600)
- Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169)
- Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171)
- Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176)
- libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 9 | ppc64le | firefox-x11 | < 115.3.1-1.el9_2.alma.1 | firefox-x11-115.3.1-1.el9_2.alma.1.ppc64le.rpm |
| almalinux | 9 | ppc64le | firefox | < 115.3.1-1.el9_2.alma.1 | firefox-115.3.1-1.el9_2.alma.1.ppc64le.rpm |
| almalinux | 9 | aarch64 | firefox-x11 | < 115.3.1-1.el9_2.alma.1 | firefox-x11-115.3.1-1.el9_2.alma.1.aarch64.rpm |
| almalinux | 9 | aarch64 | firefox | < 115.3.1-1.el9_2.alma.1 | firefox-115.3.1-1.el9_2.alma.1.aarch64.rpm |
| almalinux | 9 | x86_64 | firefox | < 115.3.1-1.el9_2.alma.1 | firefox-115.3.1-1.el9_2.alma.1.x86_64.rpm |
| almalinux | 9 | x86_64 | firefox-x11 | < 115.3.1-1.el9_2.alma.1 | firefox-x11-115.3.1-1.el9_2.alma.1.x86_64.rpm |
| almalinux | 9 | s390x | firefox | < 115.3.1-1.el9_2.alma.1 | firefox-115.3.1-1.el9_2.alma.1.s390x.rpm |
| almalinux | 9 | s390x | firefox-x11 | < 115.3.1-1.el9_2.alma.1 | firefox-x11-115.3.1-1.el9_2.alma.1.s390x.rpm |
References
access.redhat.com/errata/RHSA-2023:5434
access.redhat.com/security/cve/CVE-2023-3600
access.redhat.com/security/cve/CVE-2023-5169
access.redhat.com/security/cve/CVE-2023-5171
access.redhat.com/security/cve/CVE-2023-5176
access.redhat.com/security/cve/CVE-2023-5217
bugzilla.redhat.com/2222652
bugzilla.redhat.com/2240893
bugzilla.redhat.com/2240894
bugzilla.redhat.com/2240896
bugzilla.redhat.com/2241191
errata.almalinux.org/9/ALSA-2023-5434.html
Related
nessus
nessus
RHEL 9 : firefox (RHSA-2023:5434)
2023-10-04 00:00:00
RHEL 9 : firefox (RHSA-2023:5427)
2023-10-04 00:00:00
CentOS 7 : firefox (RHSA-2023:5477)
2023-12-22 00:00:00
oraclelinux
oraclelinux
thunderbird security update
2023-10-05 00:00:00
firefox security update
2023-10-13 00:00:00
thunderbird security update
2023-10-13 00:00:00
osv
osv
Important: thunderbird security update
2023-10-05 21:35:58
Important: thunderbird security update
2023-10-05 21:35:15
Important: thunderbird security update
2023-10-04 00:00:00
redhat
redhat
(RHSA-2023:5440) Important: firefox security update
2023-10-04 11:13:53
(RHSA-2023:5434) Important: firefox security update
2023-10-04 10:52:28
(RHSA-2023:5432) Important: thunderbird security update
2023-10-04 10:50:12
almalinux
almalinux
Important: thunderbird security update
2023-10-04 00:00:00
rocky
rocky
thunderbird security update
2023-10-05 21:35:58
thunderbird security update
2023-10-05 21:35:15
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0285)
2023-10-11 00:00:00
Debian: Security Advisory (DSA-5513-1)
2023-10-04 00:00:00
Debian: Security Advisory (DLA-3601-1)
2023-10-09 00:00:00
mageia
mageia
Updated Firefox and Thunderbird packages fix security vulnerabilities
2023-10-10 20:21:41
Updated libvpx packages fix security vulnerability
2023-10-02 13:18:07
debian
debian
[SECURITY] [DLA 3601-1] thunderbird security update
2023-10-09 13:53:36
[SECURITY] [DLA 3587-1] firefox-esr security update
2023-09-29 12:33:31
[SECURITY] [DSA 5513-1] thunderbird security update
2023-10-03 15:53:49
slackware
slackware
[slackware-security] mozilla-firefox
2023-09-26 19:39:20
[slackware-security] mozilla-thunderbird
2023-09-30 21:42:55
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.3 — Mozilla
2023-09-26 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.3 — Mozilla
2023-09-26 00:00:00
Security Vulnerabilities fixed in Firefox 118 — Mozilla
2023-09-26 00:00:00
kaspersky
kaspersky
KLA60813 Multiple vulnerabilities in Mozilla Firefox ESR
2023-09-26 00:00:00
KLA60814 Multiple vulnerabilities in Mozilla Thunderbird
2023-09-26 00:00:00
KLA60812 Multiple vulnerabilities in Mozilla Firefox
2023-09-26 00:00:00
ubuntu
ubuntu
Firefox vulnerabilities
2023-10-03 00:00:00
Thunderbird vulnerabilities
2023-10-03 00:00:00
Firefox regressions
2023-10-11 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: firefox-118.0.1-4.fc39
2023-10-05 21:16:09
[SECURITY] Fedora 38 Update: libvpx-1.13.0-5.fc38
2023-10-01 04:55:42
prion
prion
Memory corruption
2023-09-27 15:19:00
Out-of-bounds
2023-09-27 15:19:00
Design/Logic Flaw
2023-09-27 15:19:00
alpinelinux
alpinelinux
debiancve
debiancve
ubuntucve
ubuntucve
veracode
veracode
Denial Of Service (DoS)
2023-10-02 19:12:51
Denial Of Service (DoS)
2023-10-02 19:13:37
Memory Corruptions
2023-10-02 19:12:45
cvelist
cvelist
redhatcve
redhatcve
cve
cve
cnvd
cnvd
Mozilla Firefox Memory Corruption Vulnerability (CNVD-2023-74540)
2023-10-07 00:00:00
github
github
Electron affected by libvpx's heap buffer overflow in vp8 encoding
2023-09-28 18:30:45
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Webmproject Libvpx
2023-10-06 10:43:38
malwarebytes
malwarebytes
Update Chrome now! Google patches another actively exploited vulnerability
2023-09-29 11:15:00
freebsd
freebsd
electron{22,24,25} -- Heap buffer overflow in vp8 encoding in libvpx
2023-09-28 00:00:00
cisa_kev
cisa_kev
Google Chromium libvpx Heap Buffer Overflow Vulnerability
2023-10-02 00:00:00