
Advisory ROSA-SA-2024-2371

2024-03-12 12:37:38
ROSA LAB
abf.rosalinux.ru
firefox version 118.0.2
security advisory
medium
vulnerabilities

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.68 Medium
Percentile: 97.9%

software: firefox 118.0.2
OS: ROSA-CHROME

package_evr_string: firefox-118.0.2-1.src.rpm

CVE-ID: CVE-2011-0064
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, used in Pango, Firefox, and other products, does not check for successful memory reallocation, allowing remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code through crafted OpenType font data that results in the use of the wrong index.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2011-0341
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_m_main.c in the MuPDF 2008.09.02 plugin for Firefox allows remote attackers to execute arbitrary code through a crafted website.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2011-1179
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The SPICE plugin of Firefox (spice-xpi) and possibly other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors associated with plugin/nsScriptablePeer.cpp and plugin/plugin.cpp that trigger multiple uses of an uninitialized pointer.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2011-3384
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A cross-site scripting (XSS) vulnerability in the Sage add-on and earlier versions for Firefox allows remote attackers to inject arbitrary web script or HTML through a crafted channel.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2012-4929
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The TLS 1.2 and earlier protocol used in Mozilla Firefox, Google Chrome, Qt, and other products can encrypt compressed data without properly obfuscating the length of the unencrypted data, allowing intermediary attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2012-4930
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The SPDY 3 and earlier protocol used in Mozilla Firefox, Google Chrome, and other products can perform TLS encryption of compressed data without properly obfuscating the length of the unencrypted data, allowing intermediary attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2013-6901
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A cross-site scripting (XSS) vulnerability in the Space feature of Cybozu Garoon, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2013-6903
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A cross-site scripting (XSS) vulnerability in the scheduling component of Cybozu Garoon, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML using unspecified vectors.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2013-6904
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A cross-site scripting (XSS) vulnerability in the notes component of Cybozu Garoon, when Internet Explorer or Firefox is used, allows remote attackers to inject arbitrary web script or HTML using unspecified vectors.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2013-6905
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A cross-site scripting (XSS) vulnerability in the phone component of Cybozu Garoon when using Internet Explorer or Firefox allows remote attackers to inject arbitrary web script or HTML using unspecified vectors.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2013-6911
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A cross-site scripting (XSS) vulnerability in the bulletin board component of Cybozu Garoon, when Internet Explorer or Firefox is used, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2014-0387
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45 when running in Firefox allows remote attackers to affect confidentiality, integrity, and availability via unknown deployment-related vectors.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2016-7152
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The HTTPS protocol does not consider the role of the TCP congestion window in providing content length information, making it easy for remote attackers to obtain data in plaintext by exploiting a web browser configuration in which third-party cookies are sent.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2016-7153
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The HTTP/2 protocol does not account for the role of the TCP congestion window in providing content length information, making it easy for remote attackers to obtain data in plaintext by exploiting a web browser configuration in which third-party cookies are sent.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4573
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: When receiving rendering data via IPC, mStream may have been destroyed during initialization, which could lead to a use-after-free causing a potentially dangerous crash.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4574
BDU-ID: 2023-05176
CVE-Crit: MEDIUM
CVE-DESC.: When creating a callback via IPC to display the color selection window, multiple identical callbacks could have been created at the same time, and eventually all of them were destroyed simultaneously as soon as one of the callbacks completed. This could have led to a use-after-free resulting in a potentially dangerous failure.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4575
BDU-ID: 2023-05175
CVE-Crit: MEDIUM
CVE-DESC.: When creating a callback via IPC to display the file selection window, multiple identical callbacks could have been created at the same time, and eventually all of them were destroyed at the same time once one of the callbacks completed. This could have led to a use-after-free resulting in a potentially dangerous crash.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4577
BDU-ID: 2023-05174
CVE-Crit: MEDIUM
CVE-DESC.: When UpdateRegExpStatics tried to access initialStringHeap, it may have already been garbage collected before entering the function, potentially causing an exploitable crash.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4578
BDU-ID: 2023-05179
CVE-Crit: HIGH
CVE-DESC.: A syntax error may have been set when JS::CheckRegExpSyntax was called, which would have ended with a call to convertToRuntimeErrorAndClear. The path in the function could attempt to allocate memory when it is not available, which would cause the newly created “Not enough memory” exception to be improperly handled as a syntax error.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4579
BDU-ID: 2023-05100
CVE-Crit: MEDIUM
CVE-DESC.: Search queries in the default search engine could appear to be the current URL if the search query itself was a properly formed URL. This could cause one site to spoof another if it was maliciously set as the default search engine.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4580
BDU-ID: 2023-05178
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in push notifications of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to open storage of information. Exploitation of the vulnerability allows a remote attacker to gain access to sensitive information.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4581
BDU-ID: 2023-05173
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to insufficient warning of dangerous activities. Exploitation of the vulnerability could allow an attacker acting remotely to download arbitrary files.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4582
BDU-ID: 2023-05180
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the glGetProgramiv function of the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to affect the confidentiality, integrity and availability of protected information.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4583
BDU-ID: 2023-05182
CVE-Crit: MEDIUM
CVE-DESC.: A privacy mode vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to a lack of protection for proprietary data. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4584
BDU-ID: 2023-05102
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4585
BDU-ID: 2023-05101
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Mozilla Firefox and Firefox ESR browsers and the Thunderbird email client is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-4863
BDU-ID: 2023-05510
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-5169
BDU-ID: 2023-07665
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Firefox and Firefox ESR web browsers and the Thunderbird email client is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-5170
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: When rendering the canvas, a compromised content process could cause an unexpected surface change, resulting in a memory leak of the privileged process. This memory leak could be used to escape the sandbox if the correct data was leaked.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-5171
BDU-ID: 2023-07671
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Firefox and Firefox ESR web browsers and the Thunderbird email client is related to use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-5172
BDU-ID: None
CVE-Crit: N/A
CVE-DESC.: The hash table in Ion Engine may have been modified while a live interior reference existed, resulting in a potential use-after-free and exploitable crash.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-5173
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: In a non-standard Firefox configuration, an integer overflow due to network traffic (possibly influenced by a local unprivileged web page) may have occurred, resulting in an out-of-bounds write to the memory of a privileged process. This bug only affects Firefox if the non-standard setting that allows non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-5175
BDU-ID: None
CVE-Crit: CRITICAL
CVE-DESC.: An ImageBitmap image may have been created during the shutdown, which will later be used after being freed from another code path, resulting in a potentially dangerous crash.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-5176
BDU-ID: 2023-07235
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the Thunderbird email client and the Firefox and Firefox ESR browsers is related to writing beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

CVE-ID: CVE-2023-5217
BDU-ID: 2023-06157
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the VP8 format encoding function of the libvpx library of the Google Chrome browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code when a user opens a specially crafted web page.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update firefox

OS    Version  Architecture  Package  Version    Filename
ROSA  any      noarch        firefox  < 118.0.2  UNKNOWN
