Headline
RHSA-2023:0459: Red Hat Security Advisory: thunderbird security update
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-46871: Mozilla: libusrsctp library out of date
- CVE-2022-46877: Mozilla: Fullscreen notification bypass
- CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux
- CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output
- CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
- CVE-2023-23602: Mozilla: Content Security Policy wasn’t being correctly applied to WebSockets in WebWorkers
- CVE-2023-23603: Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
- CVE-2023-23605: Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- OpenShift Dev Spaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-01-25
Updated:
2023-01-25
RHSA-2023:0459 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: thunderbird security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.7.1.
Security Fix(es):
- Mozilla: libusrsctp library out of date (CVE-2022-46871)
- Mozilla: Arbitrary file read from GTK drag and drop on Linux (CVE-2023-23598)
- Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7 (CVE-2023-23605)
- Mozilla: Malicious command could be hidden in devtools output (CVE-2023-23599)
- Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation (CVE-2023-23601)
- Mozilla: Content Security Policy wasn’t being correctly applied to WebSockets in WebWorkers (CVE-2023-23602)
- Mozilla: Fullscreen notification bypass (CVE-2022-46877)
- Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive (CVE-2023-23603)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
All running instances of Thunderbird must be restarted for the update to take effect.
Affected Products
- Red Hat Enterprise Linux Server - AUS 8.2 x86_64
- Red Hat Enterprise Linux Server - TUS 8.2 x86_64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2 x86_64
Fixes
- BZ - 2162336 - CVE-2022-46871 Mozilla: libusrsctp library out of date
- BZ - 2162338 - CVE-2023-23598 Mozilla: Arbitrary file read from GTK drag and drop on Linux
- BZ - 2162339 - CVE-2023-23599 Mozilla: Malicious command could be hidden in devtools output
- BZ - 2162340 - CVE-2023-23601 Mozilla: URL being dragged from cross-origin iframe into same tab triggers navigation
- BZ - 2162341 - CVE-2023-23602 Mozilla: Content Security Policy wasn’t being correctly applied to WebSockets in WebWorkers
- BZ - 2162342 - CVE-2022-46877 Mozilla: Fullscreen notification bypass
- BZ - 2162343 - CVE-2023-23603 Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
- BZ - 2162344 - CVE-2023-23605 Mozilla: Memory safety bugs fixed in Firefox 109 and Firefox ESR 102.7
CVEs
- CVE-2022-46871
- CVE-2022-46877
- CVE-2023-23598
- CVE-2023-23599
- CVE-2023-23601
- CVE-2023-23602
- CVE-2023-23603
- CVE-2023-23605
Red Hat Enterprise Linux Server - AUS 8.2
SRPM
thunderbird-102.7.1-1.el8_2.src.rpm
SHA-256: ef951b6c2eed9575ee001fc1f374d63406cc545ee4e3d94cf0620f999f70c74c
x86_64
thunderbird-102.7.1-1.el8_2.x86_64.rpm
SHA-256: d7130d13a0a5295a9e487bba8ce7e75655581f0e489d15aabfddae53b162c2bd
thunderbird-debuginfo-102.7.1-1.el8_2.x86_64.rpm
SHA-256: b33134170ea53281384b4a6d6162b9fad1a41e298d442ebe63177495c4e81a40
thunderbird-debugsource-102.7.1-1.el8_2.x86_64.rpm
SHA-256: 05fe3da64264142c7808e285299f926c462a4623b508a609dafbf31c244cd46c
Red Hat Enterprise Linux Server - TUS 8.2
SRPM
thunderbird-102.7.1-1.el8_2.src.rpm
SHA-256: ef951b6c2eed9575ee001fc1f374d63406cc545ee4e3d94cf0620f999f70c74c
x86_64
thunderbird-102.7.1-1.el8_2.x86_64.rpm
SHA-256: d7130d13a0a5295a9e487bba8ce7e75655581f0e489d15aabfddae53b162c2bd
thunderbird-debuginfo-102.7.1-1.el8_2.x86_64.rpm
SHA-256: b33134170ea53281384b4a6d6162b9fad1a41e298d442ebe63177495c4e81a40
thunderbird-debugsource-102.7.1-1.el8_2.x86_64.rpm
SHA-256: 05fe3da64264142c7808e285299f926c462a4623b508a609dafbf31c244cd46c
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.2
SRPM
thunderbird-102.7.1-1.el8_2.src.rpm
SHA-256: ef951b6c2eed9575ee001fc1f374d63406cc545ee4e3d94cf0620f999f70c74c
ppc64le
thunderbird-102.7.1-1.el8_2.ppc64le.rpm
SHA-256: 5bbff6fd14deaa3ab6fa45bbfa610a6053ac3c9202db1bdf2571593aaa843e58
thunderbird-debuginfo-102.7.1-1.el8_2.ppc64le.rpm
SHA-256: 727c2150dd9f5c3a59fe4e11dea404d6e1d15c1ec5b8850baf1f4af2ad424b5f
thunderbird-debugsource-102.7.1-1.el8_2.ppc64le.rpm
SHA-256: 29ae815561c01b42cf6ece7e57211c4f43700f4996c4b619e388f4f4e64bfb19
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.2
SRPM
thunderbird-102.7.1-1.el8_2.src.rpm
SHA-256: ef951b6c2eed9575ee001fc1f374d63406cc545ee4e3d94cf0620f999f70c74c
x86_64
thunderbird-102.7.1-1.el8_2.x86_64.rpm
SHA-256: d7130d13a0a5295a9e487bba8ce7e75655581f0e489d15aabfddae53b162c2bd
thunderbird-debuginfo-102.7.1-1.el8_2.x86_64.rpm
SHA-256: b33134170ea53281384b4a6d6162b9fad1a41e298d442ebe63177495c4e81a40
thunderbird-debugsource-102.7.1-1.el8_2.x86_64.rpm
SHA-256: 05fe3da64264142c7808e285299f926c462a4623b508a609dafbf31c244cd46c
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
A duplicate <code>SystemPrincipal</code> object could be created when parsing a non-system html document via <code>DOMParser::ParseFromSafeString</code>. This could have lead to bypassing web security checks. This vulnerability affects Firefox < 109.
Debian Linux Security Advisory 5355-1 - Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code.
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab tr...
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0461-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0460-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.7.1. Issues addressed include a bypass vulnerability.
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-orig...
Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information.
Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information.
Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information.
Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information.
Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information.
Ubuntu Security Notice 5816-1 - Niklas Baumstark discovered that a compromised web child process of Firefox could disable web security opening restrictions, leading to a new child process being spawned within the file:// context. An attacker could potentially exploits this to obtain sensitive information. Tom Schuster discovered that Firefox was not performing a validation check on GTK drag data. An attacker could potentially exploits this to obtain sensitive information.
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0288-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0286-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2023-0295-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.7.0 ESR. Issues addressed include a bypass vulnerability.
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cros...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-46871: Mozilla: libusrsctp library out of date * CVE-2022-46877: Mozilla: Fullscreen notification bypass * CVE-2023-23598: Mozilla: Arbitrary file read from GTK drag and drop on Linux * CVE-2023-23599: Mozilla: Malicious command could be hidden in devtools output * CVE-2023-23601: Mozilla: URL being dragged from cross-origin iframe into same tab trigge...
Ubuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered ...
Ubuntu Security Notice 5782-3 - USN-5782-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. It was discovered that Firefox was using an out-of-date libusrsctp library. An attacker could possibly use this library to perform a reentrancy issue on Firefox. Nika Layzell discovered that Firefox was not performing a check on paste received from cross-processes. An attacker could potentially exploit this to obtain sensitive information. Pete Freitag discovered that Firefox did not implement the unsafe-hashes CSP directive. An attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject an executable script. Matthias Zoellner discovered that Firefox was not keeping the filename ending intact when using the drag-and-drop event. An attacker could possibly use this issue to add a file with a malicious extension, leading to execute arbitrary code. Hafiizh discovered ...