Headline
RHSA-2023:3589: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navigating to a site with a certificate error and made the renderer extremely busy at the same time, it could create a gap between when the error page was loaded and when the display actually refreshed. With the right timing the elicited clicks could land in that gap and activate the button that overrides the certificate error for that site.
- CVE-2023-34416: The Mozilla Foundation Security Advisory describes this flaw as: Mozilla developers and community members Gabriele Svelto, Andrew McCreight, the Mozilla Fuzzing Team, Sean Feng, and Sebastian Hengst reported memory safety bugs present in Firefox 113 and Firefox ESR 102.11. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
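A simplified timing model of the gap described for CVE-2023-34414, added here as an illustration; it is not Firefox or Red Hat code, and the 1000 ms delay, the policy names and the timeline values are assumptions constructed for the example. It compares a button with no activation delay, a delay counted from page load, and a delay counted from the first painted frame, and reports which clicks each policy would accept before the page was ever displayed.

```javascript
// Timing model of an activation delay on a security-sensitive button.
// All times are milliseconds on one monotonic clock. The delay value, the
// policy names and the timelines are assumptions made up for this example.

const ACTIVATION_DELAY_MS = 1000;

// Each policy decides whether a click at `clickAt` may activate the button.
const POLICIES = {
  // No activation delay: any click after the page has loaded counts.
  noDelay: (page, clickAt) => clickAt >= page.loadedAt,

  // Delay counted from load: rendering lag eats into the delay, so a click
  // can still be accepted before anything has been displayed.
  delayFromLoad: (page, clickAt) =>
    clickAt >= page.loadedAt + ACTIVATION_DELAY_MS,

  // Delay counted from the first painted frame: nothing activates until the
  // page has been on screen for the full delay.
  delayFromPaint: (page, clickAt) =>
    page.paintedAt !== null &&
    clickAt >= page.paintedAt + ACTIVATION_DELAY_MS,
};

// A click is "blind" when it arrives before the page was displayed at all,
// so the user cannot have been responding to the page's content.
function isBlind(page, clickAt) {
  return page.paintedAt === null || clickAt < page.paintedAt;
}

// For every policy, list the clicks it accepts and which of those are blind.
function report(page, clicks) {
  const out = {};
  for (const [name, allows] of Object.entries(POLICIES)) {
    const accepted = clicks.filter((t) => allows(page, t));
    out[name] = { accepted, blind: accepted.filter((t) => isBlind(page, t)) };
  }
  return out;
}

// Constructed timelines: a page that loads at t=0 but is first displayed at
// t=1800 because rendering lags, and a page that is never displayed.
const LAGGY_PAGE = { loadedAt: 0, paintedAt: 1800 };
const NEVER_PAINTED = { loadedAt: 0, paintedAt: null };

// Constructed click times: three inside the load-to-paint gap, one shortly
// after the first frame, and one deliberate click well after it.
const CLICKS = [200, 1200, 1700, 2100, 3000];

console.log(JSON.stringify(report(LAGGY_PAGE, CLICKS), null, 2));
```

In this model only the paint-anchored delay rejects every click in the gap while still accepting the deliberate click at 3000 ms.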
Synopsis
Important: firefox security update
Type/Severity
Security Advisory: Important
Topic
An update for firefox is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.12.0 ESR.
Security Fix(es):
- Mozilla: Click-jacking certificate exceptions through rendering lag (CVE-2023-34414)
- Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12 (CVE-2023-34416)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the update, Firefox must be restarted for the changes to take effect.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
- Red Hat Enterprise Linux Server - AUS 9.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x
Fixes
- BZ - 2212841 - CVE-2023-34414 Mozilla: Click-jacking certificate exceptions through rendering lag
- BZ - 2212842 - CVE-2023-34416 Mozilla: Memory safety bugs fixed in Firefox 114 and Firefox ESR 102.12
The same firefox-102.12.0-1.el9_2 packages are listed for every affected product of a given architecture:
SRPM
- firefox-102.12.0-1.el9_2.src.rpm
x86_64
- firefox-102.12.0-1.el9_2.x86_64.rpm
- firefox-debuginfo-102.12.0-1.el9_2.x86_64.rpm
- firefox-debugsource-102.12.0-1.el9_2.x86_64.rpm
- firefox-x11-102.12.0-1.el9_2.x86_64.rpm
s390x
- firefox-102.12.0-1.el9_2.s390x.rpm
- firefox-debuginfo-102.12.0-1.el9_2.s390x.rpm
- firefox-debugsource-102.12.0-1.el9_2.s390x.rpm
- firefox-x11-102.12.0-1.el9_2.s390x.rpm
ppc64le
- firefox-102.12.0-1.el9_2.ppc64le.rpm
- firefox-debuginfo-102.12.0-1.el9_2.ppc64le.rpm
- firefox-debugsource-102.12.0-1.el9_2.ppc64le.rpm
- firefox-x11-102.12.0-1.el9_2.ppc64le.rpm
aarch64
- firefox-102.12.0-1.el9_2.aarch64.rpm
- firefox-debuginfo-102.12.0-1.el9_2.aarch64.rpm
- firefox-debugsource-102.12.0-1.el9_2.aarch64.rpm
- firefox-x11-102.12.0-1.el9_2.aarch64.rpm
Related news
Gentoo Linux Security Advisory 202401-10 - Multiple vulnerabilities have been found in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.6.0:esr are affected.
When choosing a site-isolated process for a document loaded from a data: URL that was the result of a redirect, Firefox would load that document in the same process as the site that issued the redirect. This bypassed the site-isolation protections against Spectre-like attacks on sites that host an "open redirect". Firefox no longer follows HTTP redirects to data: URLs. This vulnerability affects Firefox < 114.
Red Hat Security Advisory 2023-3560-01 - Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 102.12.0 ESR.
Red Hat Security Advisory 2023-3566-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.
Red Hat Security Advisory 2023-3564-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.12.0.
An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to...
An update for thunderbird is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before ...
An update for thunderbird is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before ...
An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locations immediately before navi...
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and ...
Ubuntu Security Notice 6143-2 - USN-6143-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
An update for thunderbird is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise loc...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts ...
An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locatio...
An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in preci...
An update for thunderbird is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-34414: The Mozilla Foundation Security Advisory describes this flaw as: The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in p...
Ubuntu Security Notice 6147-1 - Several security issues were discovered in the SpiderMonkey JavaScript library. If a user were tricked into opening malicious JavaScript applications or processing malformed data, a remote attacker could exploit a variety of issues related to JavaScript security, including denial of service attacks, and arbitrary code execution.
Debian Linux Security Advisory 5421-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code.
Ubuntu Security Notice 6143-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. Jun Kokatsu discovered that Firefox did not properly validate site-isolated process for a document loaded from a data: URL that was the result of a redirect, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.