RHSA-2023:3589: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site.
  • CVE-2023-34416: The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
Red Hat Security Data

Synopsis

Important: firefox security update

Type/Severity

Security Advisory: Important

Topic

An update for firefox is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.12.0 ESR.

Security Fix(es):

  • Mozilla: Click-jacking certificate exceptions through rendering lag (CVE-2023-34414)
  • Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 (CVE-2023-34416)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

After installing the update, Firefox must be restarted for the changes to take effect.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag
  • BZ - 2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12

Red Hat Enterprise Linux for x86_64 9

SRPM

firefox-102.12.0-1.el9_2.src.rpm

x86_64

firefox-102.12.0-1.el9_2.x86_64.rpm

firefox-debuginfo-102.12.0-1.el9_2.x86_64.rpm

firefox-debugsource-102.12.0-1.el9_2.x86_64.rpm

firefox-x11-102.12.0-1.el9_2.x86_64.rpm

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

x86_64

firefox-102.12.0-1.el9_2.x86_64.rpm

firefox-debuginfo-102.12.0-1.el9_2.x86_64.rpm

firefox-debugsource-102.12.0-1.el9_2.x86_64.rpm

firefox-x11-102.12.0-1.el9_2.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

x86_64

firefox-102.12.0-1.el9_2.x86_64.rpm

firefox-debuginfo-102.12.0-1.el9_2.x86_64.rpm

firefox-debugsource-102.12.0-1.el9_2.x86_64.rpm

firefox-x11-102.12.0-1.el9_2.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

firefox-102.12.0-1.el9_2.src.rpm

s390x

firefox-102.12.0-1.el9_2.s390x.rpm

firefox-debuginfo-102.12.0-1.el9_2.s390x.rpm

firefox-debugsource-102.12.0-1.el9_2.s390x.rpm

firefox-x11-102.12.0-1.el9_2.s390x.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

s390x

firefox-102.12.0-1.el9_2.s390x.rpm

firefox-debuginfo-102.12.0-1.el9_2.s390x.rpm

firefox-debugsource-102.12.0-1.el9_2.s390x.rpm

firefox-x11-102.12.0-1.el9_2.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

firefox-102.12.0-1.el9_2.src.rpm

ppc64le

firefox-102.12.0-1.el9_2.ppc64le.rpm

firefox-debuginfo-102.12.0-1.el9_2.ppc64le.rpm

firefox-debugsource-102.12.0-1.el9_2.ppc64le.rpm

firefox-x11-102.12.0-1.el9_2.ppc64le.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

ppc64le

firefox-102.12.0-1.el9_2.ppc64le.rpm

firefox-debuginfo-102.12.0-1.el9_2.ppc64le.rpm

firefox-debugsource-102.12.0-1.el9_2.ppc64le.rpm

firefox-x11-102.12.0-1.el9_2.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

firefox-102.12.0-1.el9_2.src.rpm

aarch64

firefox-102.12.0-1.el9_2.aarch64.rpm

firefox-debuginfo-102.12.0-1.el9_2.aarch64.rpm

firefox-debugsource-102.12.0-1.el9_2.aarch64.rpm

firefox-x11-102.12.0-1.el9_2.aarch64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

aarch64

firefox-102.12.0-1.el9_2.aarch64.rpm

firefox-debuginfo-102.12.0-1.el9_2.aarch64.rpm

firefox-debugsource-102.12.0-1.el9_2.aarch64.rpm

firefox-x11-102.12.0-1.el9_2.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

ppc64le

firefox-102.12.0-1.el9_2.ppc64le.rpm

firefox-debuginfo-102.12.0-1.el9_2.ppc64le.rpm

firefox-debugsource-102.12.0-1.el9_2.ppc64le.rpm

firefox-x11-102.12.0-1.el9_2.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

x86_64

firefox-102.12.0-1.el9_2.x86_64.rpm

firefox-debuginfo-102.12.0-1.el9_2.x86_64.rpm

firefox-debugsource-102.12.0-1.el9_2.x86_64.rpm

firefox-x11-102.12.0-1.el9_2.x86_64.rpm

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

aarch64

firefox-102.12.0-1.el9_2.aarch64.rpm

firefox-debuginfo-102.12.0-1.el9_2.aarch64.rpm

firefox-debugsource-102.12.0-1.el9_2.aarch64.rpm

firefox-x11-102.12.0-1.el9_2.aarch64.rpm

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2

SRPM

firefox-102.12.0-1.el9_2.src.rpm

s390x

firefox-102.12.0-1.el9_2.s390x.rpm

firefox-debuginfo-102.12.0-1.el9_2.s390x.rpm

firefox-debugsource-102.12.0-1.el9_2.s390x.rpm

firefox-x11-102.12.0-1.el9_2.s390x.rpm
