Lucene search

K
altlinuxHttps://packages.altlinux.org/en/sisyphus/security/E93B44937940F728EB02228CE75F869E
HistoryFeb 21, 2023 - 12:00 a.m.

Security fix for the ALT Linux 10 package firefox-esr version 102.7.0-alt1

2023-02-2100:00:00
https://packages.altlinux.org/en/sisyphus/security/
packages.altlinux.org
10
alt linux 10
firefox-esr
security fixes
cve-2022-46871
cve-2023-23598
cve-2023-23599
cve-2023-23601
cve-2023-23602
cve-2022-46877
cve-2023-23603
cve-2023-23605

EPSS

0.003

Percentile

72.0%

102.7.0-alt1 built Feb. 21, 2023 Pavel Vasenkov in task #315243

Jan. 18, 2023 Pavel Vasenkov

- New ESR version.
- Security fixes
  + CVE-2022-46871 libusrsctp library out of date
  + CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
  + CVE-2023-23599 Malicious command could be hidden in devtools output on Windows
  + CVE-2023-23601 URL being dragged from cross-origin iframe into same tab triggers navigation
  + CVE-2023-23602 Content Security Policy wasn't being correctly applied to WebSockets in WebWorkers
  + CVE-2022-46877 Fullscreen notification bypass
  + CVE-2023-23603 Calls to &LTcode>console.log&LT/code> allowed bypasing Content Security Policy via format directive
  + CVE-2023-23605 Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7