Important: firefox security update

2023-09-0400:00:00

Google

osv.dev

mozilla

firefox

update

memory corruption

safety bugs

cve-2023-4573

cve-2023-4574

cve-2023-4575

cve-2023-4577

cve-2023-4584

cve-2023-4585

cve-2023-4051

cve-2023-4053

cve-2023-4578

cve-2023-4580

cve-2023-4581

cve-2023-4583

8.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

43.7%

JSON

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.15.0 ESR.

Security Fix(es):

Mozilla: Memory corruption in IPC CanvasTranslator (CVE-2023-4573)
Mozilla: Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)
Mozilla: Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)
Mozilla: Memory corruption in JIT UpdateRegExpStatics (CVE-2023-4577)
Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR 115.2, Thunderbird 102.15, and Thunderbird 115.2 (CVE-2023-4584)
Mozilla: Memory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2 (CVE-2023-4585)
Mozilla: Full screen notification obscured by file open dialog (CVE-2023-4051)
Mozilla: Full screen notification obscured by external program (CVE-2023-4053)
Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception (CVE-2023-4578)
Mozilla: Push notifications saved to disk unencrypted (CVE-2023-4580)
Mozilla: XLL file extensions were downloadable without warnings (CVE-2023-4581)
Mozilla: Browsing Context potentially not cleared when closing Private Window (CVE-2023-4583)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.