RLSA-2023:1336

Security

Mirrored from RHSA-2023:1336

Issued at: 2023-03-28

Updated at: 2023-03-28

Synopsis

Important: firefox security update

Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.9.0 ESR.

Security Fix(es):

* Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751)

* Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9 (CVE-2023-28176)

* Mozilla: Potential out-of-bounds when accessing throttled streams (CVE-2023-25752)

* Mozilla: Invalid downcast in Worklets (CVE-2023-28162)

* Mozilla: URL being dragged from a removed cross-origin iframe into the same tab triggered navigation (CVE-2023-28164)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64

Rocky Linux 8 x86_64

Fixes

2178458

2178460

2178466

2178470

2178472

CVEs

CVE-2023-25751

CVE-2023-25752

CVE-2023-28162

CVE-2023-28164

CVE-2023-28176

Affected packages

Rocky Linux 8 aarch64 - AppStream

firefox-0:102.9.0-3.el8_7.aarch64.rpm

firefox-0:102.9.0-3.el8_7.src.rpm

firefox-debuginfo-0:102.9.0-3.el8_7.aarch64.rpm

firefox-debugsource-0:102.9.0-3.el8_7.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

firefox-0:102.9.0-3.el8_7.src.rpm

firefox-0:102.9.0-3.el8_7.x86_64.rpm

firefox-debuginfo-0:102.9.0-3.el8_7.x86_64.rpm

firefox-debugsource-0:102.9.0-3.el8_7.x86_64.rpm