(RHSA-2023:0805) Important: firefox security update

2023-02-2007:58:54

access.redhat.com

mozilla

firefox

security update

version 102.8.0 esr

content security policy leak

screen hijack

use-after-free

memory safety bugs

extensions

out of bounds memory write

web crypto importkey

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

65.1%

JSON

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 102.8.0 ESR.

Security Fix(es):

Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8aarch64firefox< 102.8.0-2.el8_4firefox-102.8.0-2.el8_4.aarch64.rpm
RedHat8x86_64firefox-debugsource< 102.8.0-2.el8_4firefox-debugsource-102.8.0-2.el8_4.x86_64.rpm
RedHat8s390xfirefox< 102.8.0-2.el8_4firefox-102.8.0-2.el8_4.s390x.rpm
RedHat8aarch64firefox-debugsource< 102.8.0-2.el8_4firefox-debugsource-102.8.0-2.el8_4.aarch64.rpm
RedHat8ppc64lefirefox-debugsource< 102.8.0-2.el8_4firefox-debugsource-102.8.0-2.el8_4.ppc64le.rpm
RedHat8s390xfirefox-debuginfo< 102.8.0-2.el8_4firefox-debuginfo-102.8.0-2.el8_4.s390x.rpm
RedHat8ppc64lefirefox-debuginfo< 102.8.0-2.el8_4firefox-debuginfo-102.8.0-2.el8_4.ppc64le.rpm
RedHat8ppc64lefirefox< 102.8.0-2.el8_4firefox-102.8.0-2.el8_4.ppc64le.rpm
RedHat8x86_64firefox-debuginfo< 102.8.0-2.el8_4firefox-debuginfo-102.8.0-2.el8_4.x86_64.rpm
RedHat8aarch64firefox-debuginfo< 102.8.0-2.el8_4firefox-debuginfo-102.8.0-2.el8_4.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	aarch64	firefox	< 102.8.0-2.el8_4	firefox-102.8.0-2.el8_4.aarch64.rpm
RedHat	8	x86_64	firefox-debugsource	< 102.8.0-2.el8_4	firefox-debugsource-102.8.0-2.el8_4.x86_64.rpm
RedHat	8	s390x	firefox	< 102.8.0-2.el8_4	firefox-102.8.0-2.el8_4.s390x.rpm
RedHat	8	aarch64	firefox-debugsource	< 102.8.0-2.el8_4	firefox-debugsource-102.8.0-2.el8_4.aarch64.rpm
RedHat	8	ppc64le	firefox-debugsource	< 102.8.0-2.el8_4	firefox-debugsource-102.8.0-2.el8_4.ppc64le.rpm
RedHat	8	s390x	firefox-debuginfo	< 102.8.0-2.el8_4	firefox-debuginfo-102.8.0-2.el8_4.s390x.rpm
RedHat	8	ppc64le	firefox-debuginfo	< 102.8.0-2.el8_4	firefox-debuginfo-102.8.0-2.el8_4.ppc64le.rpm
RedHat	8	ppc64le	firefox	< 102.8.0-2.el8_4	firefox-102.8.0-2.el8_4.ppc64le.rpm
RedHat	8	x86_64	firefox-debuginfo	< 102.8.0-2.el8_4	firefox-debuginfo-102.8.0-2.el8_4.x86_64.rpm
RedHat	8	aarch64	firefox-debuginfo	< 102.8.0-2.el8_4	firefox-debuginfo-102.8.0-2.el8_4.aarch64.rpm