MiracleLinux 9 : firefox-102.14.0-1.el9.ML.1 (AXSA:2023-6315:28)

🗓️ 20 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 9 Firefox affected by multiple CVEs in AXSA-2023-6315:28.

Reporter	Title	Published	Views	Family All 534
GithubExploit	Exploit for Improper Validation of Array Index in Rarlab Winrar	29 Aug 202316:29	–	githubexploit
Tenable Nessus	Amazon Linux 2 : thunderbird (ALAS-2023-2248)	20 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : firefox (ALASFIREFOX-2023-002)	27 Sep 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : firefox (ALSA-2023:4462)	4 Aug 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : firefox (ALSA-2023:4468)	4 Aug 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : thunderbird (ALSA-2023:4497)	8 Aug 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : thunderbird (ALSA-2023:4499)	8 Aug 202300:00	–	nessus
Tenable Nessus	CentOS 7 : firefox (RHSA-2023:4461)	9 Jan 202400:00	–	nessus
Tenable Nessus	CentOS 7 : thunderbird (RHSA-2023:4495)	9 Jan 202400:00	–	nessus
Tenable Nessus	Debian dla-3521 : thunderbird - security update	8 Aug 202300:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/17499
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2023-6315:28.
##

include('compat.inc');

if (description)
{
  script_id(292475);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/20");

  script_cve_id(
    "CVE-2023-4045",
    "CVE-2023-4046",
    "CVE-2023-4047",
    "CVE-2023-4048",
    "CVE-2023-4049",
    "CVE-2023-4050",
    "CVE-2023-4055",
    "CVE-2023-4056",
    "CVE-2023-4057"
  );

  script_name(english:"MiracleLinux 9 : firefox-102.14.0-1.el9.ML.1 (AXSA:2023-6315:28)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2023-6315:28 advisory.

    Mozilla: Offscreen Canvas could have bypassed cross-origin restrictions
    (CVE-2023-4045)
        Mozilla: Incorrect value used during WASM compilation (CVE-2023-4046)
        Mozilla: Potential permissions request bypass via clickjacking
    (CVE-2023-4047)
        Mozilla: Crash in DOMParser due to out-of-memory conditions (CVE-2023-4048)
        Mozilla: Fix potential race conditions when releasing platform objects
    (CVE-2023-4049)
        Mozilla: Stack buffer overflow in StorageManager (CVE-2023-4050)
        Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox
    ESR 102.14, Thunderbird 115.1, and Thunderbird 102.14 (CVE-2023-4056)
        Mozilla: Memory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and
    Thunderbird 115.1 (CVE-2023-4057)
        Mozilla: Cookie jar overflow caused unexpected cookie jar state
    (CVE-2023-4055)
    CVE(s):
    CVE-2023-4045
    Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image
    data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116,
    Firefox ESR < 102.14, and Firefox ESR < 115.1.
    CVE-2023-4046
    In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This
    resulted in incorrect compilation and a potentially exploitable crash in the content process. This
    vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
    CVE-2023-4047
    A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user
    into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR
    < 115.1.
    CVE-2023-4048
    An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low
    memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR <
    115.1.
    CVE-2023-4049
    Race conditions in reference counting code were found through code inspection. These could have resulted
    in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116,
    Firefox ESR < 102.14, and Firefox ESR < 115.1.
    CVE-2023-4050
    In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This
    resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability
    affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
    CVE-2023-4055
    When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the
    host was no longer consistent with expected cookie jar state. This could have caused requests to be sent
    with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR
    < 115.1.
    CVE-2023-4056
    Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and
    Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with
    enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects
    Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.
    CVE-2023-4057
    Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs
    showed evidence of memory corruption and we presume that with enough effort some of these could have been
    exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and
    Thunderbird < 115.1.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/17499");
  script_set_attribute(attribute:"solution", value:
"Update the affected firefox and / or firefox-x11 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4057");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:firefox-x11");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:9");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^9([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 9.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '9',
    'pkgs': [
      {'reference':'firefox-102.14.0-1.el9.ML.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE},
      {'reference':'firefox-x11-102.14.0-1.el9.ML.1', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0', 'allowmaj':TRUE}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox / firefox-x11');
}

20 Jan 2026 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.19.8

EPSS0.03618

SSVC