Lucene search

K
rockyRockylinux Product ErrataRLSA-2023:0288
HistoryJan 23, 2023 - 8:24 a.m.

firefox security update

2023-01-2308:24:24
Rockylinux Product Errata
errata.rockylinux.org
11
firefox
update
security fix
cve
rocky linux 8
mozilla
cvss
vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

72.0%

An update is available for firefox.
This update affects Rocky Linux 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.7.0 ESR.

Security Fix(es):

  • Mozilla: libusrsctp library out of date (CVE-2022-46871)

  • Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598)

  • Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605)

  • Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599)

  • Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601)

  • Mozilla: Content Security Policy wasn’t being correctly applied to WebSockets in WebWorkers (CVE-2023-23602)

  • Mozilla: Fullscreen notification bypass (CVE-2022-46877)

  • Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive (CVE-2023-23603)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.003

Percentile

72.0%