Lucene search

K
redhatRedHatRHSA-2023:6187
HistoryOct 30, 2023 - 4:30 p.m.

(RHSA-2023:6187) Important: firefox security update

2023-10-3016:30:34
CWE-120
access.redhat.com
13
mozilla firefox
security update
version 115.4.0
open-source
web browser
cve-2023-5721
cve-2023-5730
cve-2023-44488
cve-2023-5724
cve-2023-5725
cve-2023-5728
cve-2023-5732
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.003

Percentile

69.1%

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.4.0 ESR.

Security Fix(es):

  • Mozilla: Queued up rendering could have allowed websites to clickjack (CVE-2023-5721)

  • Mozilla: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4 (CVE-2023-5730)

  • libvpx: crash related to VP9 encoding in libvpx (CVE-2023-44488)

  • Mozilla: Large WebGL draw could have led to a crash (CVE-2023-5724)

  • Mozilla: WebExtensions could open arbitrary URLs (CVE-2023-5725)

  • Mozilla: Improper object tracking during GC in the JavaScript engine could have led to a crash. (CVE-2023-5728)

  • Mozilla: Address bar spoofing via bidirectional characters (CVE-2023-5732)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected configurations

Vulners
Node
redhatfirefoxRange115.4.0-1.el7_9
OR
redhatfirefoxRange115.4.0-1.el8_8
OR
redhatthunderbirdRange115.4.1-1.el8_8
OR
redhatfirefox-0Range115.4.0-1.el8_1
OR
redhatthunderbird-0Range115.4.1-1.el8_1
OR
redhatfirefox-0Range115.4.0-1.el8_2
OR
redhatthunderbird-0Range115.4.1-1.el8_2
OR
redhatthunderbird-0Range115.4.1-1.el8_4
OR
redhatfirefox-0Range115.4.0-1.el8_6
OR
redhatthunderbird-0Range115.4.1-1.el8_6
OR
redhatfirefoxRange115.4.0-1.el9_2
OR
redhatthunderbirdRange115.4.1-1.el9_2
OR
redhatfirefox-0Range115.4.0-1.el9_0
OR
redhatlibvpxRange1.7.0-10.el8_8
OR
redhatlibvpx-0Range1.7.0-8.el8_1
OR
redhatlibvpx-0Range1.7.0-8.el8_2
OR
redhatlibvpx-0Range1.7.0-10.el8_4
OR
redhatfirefox-0Range115.4.0-1.el8_4
OR
redhatlibvpx-0Range1.7.0-10.el8_6
OR
redhatlibvpxRange1.9.0-7.el9_2
OR
redhatlibvpx-0Range1.9.0-7.el9_0
OR
redhatthunderbird-0Range115.4.1-1.el9_0
AND
redhatenterprise_linuxMatch7
OR
redhatenterprise_linuxMatch8
OR
redhatenterprise_linuxMatch9
VendorProductVersionCPE
redhatfirefox*cpe:2.3:a:redhat:firefox:*:*:*:*:*:*:*:*
redhatthunderbird*cpe:2.3:a:redhat:thunderbird:*:*:*:*:*:*:*:*
redhatfirefox-0*cpe:2.3:a:redhat:firefox-0:*:*:*:*:*:*:*:*
redhatthunderbird-0*cpe:2.3:a:redhat:thunderbird-0:*:*:*:*:*:*:*:*
redhatlibvpx*cpe:2.3:a:redhat:libvpx:*:*:*:*:*:*:*:*
redhatlibvpx-0*cpe:2.3:a:redhat:libvpx-0:*:*:*:*:*:*:*:*
redhatenterprise_linux7cpe:2.3:o:redhat:enterprise_linux:7:*:*:*:*:*:*:*
redhatenterprise_linux8cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*
redhatenterprise_linux9cpe:2.3:o:redhat:enterprise_linux:9:*:*:*:*:*:*:*

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

High

EPSS

0.003

Percentile

69.1%