Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-25744 (GCVE-0-2023-25744)
Vulnerability from cvelistv5 – Published: 2023-06-02 00:00 – Updated: 2025-01-09 16:11
VLAI
EPSS
Summary
Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox |
Affected:
unspecified , < 110
(custom)
|
|
| Mozilla | Firefox ESR |
Affected:
unspecified , < 102.8
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:32:11.855Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-25744",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-09T16:10:45.458902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-09T16:11:13.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "110",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-02T00:00:00.000Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
},
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2023-25744",
"datePublished": "2023-06-02T00:00:00.000Z",
"dateReserved": "2023-02-13T00:00:00.000Z",
"dateUpdated": "2025-01-09T16:11:13.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-25744",
"date": "2026-06-02",
"epss": "0.00145",
"percentile": "0.34578"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-25744\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2023-06-02T17:15:11.677\",\"lastModified\":\"2024-11-21T07:50:03.790\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"110.0\",\"matchCriteriaId\":\"811EBB2F-0FAA-49DB-8B16-99341814C3D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.8\",\"matchCriteriaId\":\"731649BC-CBBC-4423-93E1-577EF7A17DBD\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536\",\"source\":\"security@mozilla.org\",\"tags\":[\"Broken Link\",\"Issue Tracking\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-05/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-06/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Issue Tracking\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-05/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-06/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-06/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-05/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T11:32:11.855Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-25744\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-09T16:10:45.458902Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-09T16:11:02.705Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"110\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.8\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-06/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-05/\"}, {\"url\": \"https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2023-06-02T00:00:00.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-25744\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-09T16:11:13.434Z\", \"dateReserved\": \"2023-02-13T00:00:00.000Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2023-06-02T00:00:00.000Z\", \"assignerShortName\": \"mozilla\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
alsa-2023:0808
Vulnerability from osv_almalinux
Published
2023-02-20 00:00
Modified
2023-02-21 17:34
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.8.0 ESR.
Security Fix(es):
- Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
- Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
- Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
- Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
- Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
- Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
- Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
- Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
- Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
- Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
- Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
- Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.8.0-2.el8_7.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)\n* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)\n* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)\n* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)\n* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)\n* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)\n* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)\n* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)\n* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)\n* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)\n* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:0808",
"modified": "2023-02-21T17:34:13Z",
"published": "2023-02-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:0808"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0767"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25728"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25729"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25730"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25732"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25735"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25737"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25739"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25742"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25743"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25744"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25746"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170374"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170375"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170376"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170377"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170378"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170379"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170381"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170382"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170383"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170390"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170391"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170402"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-0808.html"
}
],
"related": [
"CVE-2023-0767",
"CVE-2023-25728",
"CVE-2023-25730",
"CVE-2023-25735",
"CVE-2023-25737",
"CVE-2023-25739",
"CVE-2023-25743",
"CVE-2023-25744",
"CVE-2023-25746",
"CVE-2023-25729",
"CVE-2023-25732",
"CVE-2023-25742"
],
"summary": "Important: firefox security update"
}
alsa-2023:0810
Vulnerability from osv_almalinux
Published
2023-02-20 00:00
Modified
2023-02-21 17:40
Summary
Important: firefox security update
Details
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 102.8.0 ESR.
Security Fix(es):
- Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
- Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
- Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
- Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
- Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
- Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
- Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
- Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
- Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
- Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
- Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
- Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "firefox"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.8.0-2.el9_1.alma"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "firefox-x11"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.8.0-2.el9_1.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.8.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)\n* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)\n* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)\n* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)\n* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)\n* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)\n* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)\n* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)\n* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)\n* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)\n* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:0810",
"modified": "2023-02-21T17:40:39Z",
"published": "2023-02-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:0810"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0767"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25728"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25729"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25730"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25732"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25735"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25737"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25739"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25742"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25743"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25744"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25746"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170374"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170375"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170376"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170377"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170378"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170379"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170381"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170382"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170383"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170390"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170391"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170402"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-0810.html"
}
],
"related": [
"CVE-2023-0767",
"CVE-2023-25728",
"CVE-2023-25730",
"CVE-2023-25735",
"CVE-2023-25737",
"CVE-2023-25739",
"CVE-2023-25743",
"CVE-2023-25744",
"CVE-2023-25746",
"CVE-2023-25729",
"CVE-2023-25732",
"CVE-2023-25742"
],
"summary": "Important: firefox security update"
}
alsa-2023:0821
Vulnerability from osv_almalinux
Published
2023-02-20 00:00
Modified
2023-02-21 17:44
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.8.0.
Security Fix(es):
- Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
- Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
- Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
- Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
- Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
- Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
- Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
- Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
- Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
- Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
- Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
- Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616)
- Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.8.0-2.el8_7.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)\n* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)\n* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)\n* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)\n* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)\n* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)\n* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)\n* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)\n* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)\n* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)\n* Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616)\n* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:0821",
"modified": "2023-02-21T17:44:48Z",
"published": "2023-02-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:0821"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0616"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0767"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25728"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25729"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25730"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25732"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25735"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25737"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25739"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25742"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25743"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25744"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25746"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170374"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170375"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170376"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170377"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170378"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170379"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170381"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170382"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170383"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170390"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170391"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170402"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2171397"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2023-0821.html"
}
],
"related": [
"CVE-2023-0767",
"CVE-2023-25728",
"CVE-2023-25730",
"CVE-2023-25735",
"CVE-2023-25737",
"CVE-2023-25739",
"CVE-2023-25743",
"CVE-2023-25744",
"CVE-2023-25746",
"CVE-2023-25729",
"CVE-2023-25732",
"CVE-2023-0616",
"CVE-2023-25742"
],
"summary": "Important: thunderbird security update"
}
alsa-2023:0824
Vulnerability from osv_almalinux
Published
2023-02-20 00:00
Modified
2023-02-21 17:50
Summary
Important: thunderbird security update
Details
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.8.0.
Security Fix(es):
- Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)
- Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)
- Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)
- Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)
- Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)
- Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)
- Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)
- Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)
- Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)
- Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)
- Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)
- Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616)
- Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:9",
"name": "thunderbird"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "102.8.0-2.el9_1.alma"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.8.0.\n\nSecurity Fix(es):\n\n* Mozilla: Arbitrary memory write via PKCS 12 in NSS (CVE-2023-0767)\n* Mozilla: Content security policy leak in violation reports using iframes (CVE-2023-25728)\n* Mozilla: Screen hijack via browser fullscreen mode (CVE-2023-25730)\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-25735)\n* Mozilla: Invalid downcast in SVGUtils::SetupStrokeGeometry (CVE-2023-25737)\n* Mozilla: Use-after-free in mozilla::dom::ScriptLoadContext::~ScriptLoadContext (CVE-2023-25739)\n* Mozilla: Fullscreen notification not shown in Firefox Focus (CVE-2023-25743)\n* Mozilla: Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8 (CVE-2023-25744)\n* Mozilla: Memory safety bugs fixed in Firefox ESR 102.8 (CVE-2023-25746)\n* Mozilla: Extensions could have opened external schemes without user knowledge (CVE-2023-25729)\n* Mozilla: Out of bounds memory write from EncodeInputStream (CVE-2023-25732)\n* Mozilla: User Interface lockup with messages combining S/MIME and OpenPGP (CVE-2023-0616)\n* Mozilla: Web Crypto ImportKey crashes tab (CVE-2023-25742)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2023:0824",
"modified": "2023-02-21T17:50:38Z",
"published": "2023-02-20T00:00:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://access.redhat.com/errata/RHSA-2023:0824"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0616"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-0767"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25728"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25729"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25730"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25732"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25735"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25737"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25739"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25742"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25743"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25744"
},
{
"type": "REPORT",
"url": "https://access.redhat.com/security/cve/CVE-2023-25746"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170374"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170375"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170376"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170377"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170378"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170379"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170381"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170382"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170383"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170390"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170391"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2170402"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/2171397"
},
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/9/ALSA-2023-0824.html"
}
],
"related": [
"CVE-2023-0767",
"CVE-2023-25728",
"CVE-2023-25730",
"CVE-2023-25735",
"CVE-2023-25737",
"CVE-2023-25739",
"CVE-2023-25743",
"CVE-2023-25744",
"CVE-2023-25746",
"CVE-2023-25729",
"CVE-2023-25732",
"CVE-2023-0616",
"CVE-2023-25742"
],
"summary": "Important: thunderbird security update"
}
Title
Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR, связанная с копирование в буфер без проверки размера входных данных, позволяющая нарушителю выполнять произвольный код в целевой системе
Description
Уязвимость браузеров Mozilla Firefox, Mozilla Firefox ESR связана с копирование в буфер без проверки размера входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнять произвольный код в целевой системе
Severity
Vendor
Red Hat Inc., ООО «РусБИТех-Астра», Сообщество свободного программного обеспечения, ООО «Ред Софт», АО «ИВК», Mozilla Corp., АО "НППКТ"
Software Name
Red Hat Enterprise Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Debian GNU/Linux, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305), Firefox, Firefox ESR, ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913)
Software Version
7 (Red Hat Enterprise Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (РЕД ОС), 1.7 (Astra Linux Special Edition), - (Альт 8 СП), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), до 110 (Firefox), до 102.8 (Firefox ESR), до 2.8 (ОСОН ОСнова Оnyx)
Possible Mitigations
Для программных продуктов Mozilla Corp.:
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/
Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/
Для Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-25744
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2023-25744
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для Astra Linux Special Edition 4.7 для архитектуры ARM:
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения firefox-esr до версии 102.13.0esr+repack-1~deb10u1.osnova1
Для ОС Astra Linux Special Edition 1.7:
обновить пакет firefox до 111.0.1+build2-0ubuntu0.18.04.1+ci202304041739+astra12 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17
Для ОС Astra Linux 1.6 «Смоленск»:
обновить пакет firefox до 120.0+build2-0ubuntu0.20.04.1+ci202311281348+astra13 или более высокой версии, используя рекомендации производителя: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16
Reference
https://redos.red-soft.ru/support/secure/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/
https://security-tracker.debian.org/tracker/CVE-2023-25744
https://access.redhat.com/security/cve/CVE-2023-25744
https://altsp.su/obnovleniya-bezopasnosti/
https://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.8/
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16
CWE
CWE-120
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, Mozilla Corp., \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\"",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "7 (Red Hat Enterprise Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 8 (Red Hat Enterprise Linux), 10 (Debian GNU/Linux), 11 (Debian GNU/Linux), 8.1 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.4 Extended Update Support (Red Hat Enterprise Linux), 7.3 (\u0420\u0415\u0414 \u041e\u0421), 1.7 (Astra Linux Special Edition), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), 9 (Red Hat Enterprise Linux), 4.7 (Astra Linux Special Edition), 8.2 Telecommunications Update Service (Red Hat Enterprise Linux), 8.2 Update Services for SAP Solutions (Red Hat Enterprise Linux), 8.6 Extended Update Support (Red Hat Enterprise Linux), 8.2 Advanced Update Support (Red Hat Enterprise Linux), \u0434\u043e 110 (Firefox), \u0434\u043e 102.8 (Firefox ESR), \u0434\u043e 2.8 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Mozilla Corp.:\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-05/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2023-25744\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/CVE-2023-25744\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f Astra Linux Special Edition 4.7 \u0434\u043b\u044f \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b ARM:\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f firefox-esr \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 102.13.0esr+repack-1~deb10u1.osnova1\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux Special Edition 1.7:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 111.0.1+build2-0ubuntu0.18.04.1+ci202304041739+astra12 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se17-bulletin-2023-0426SE17\n\n\u0414\u043b\u044f \u041e\u0421 Astra Linux 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb:\n\u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u043f\u0430\u043a\u0435\u0442 firefox \u0434\u043e 120.0+build2-0ubuntu0.20.04.1+ci202311281348+astra13 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u0432\u044b\u0441\u043e\u043a\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u044f: https://wiki.astralinux.ru/astra-linux-se16-bulletin-20231214SE16",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "15.02.2023",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "30.09.2024",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.03.2023",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-01262",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-25744",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Enterprise Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Debian GNU/Linux, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Firefox, Firefox ESR, \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 7 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.4 Extended Update Support , \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb \u0420\u0415\u0414 \u041e\u0421 7.3 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.7 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), Red Hat Inc. Red Hat Enterprise Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 4.7 ARM (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Red Hat Inc. Red Hat Enterprise Linux 8.2 Telecommunications Update Service , Red Hat Inc. Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions , Red Hat Inc. Red Hat Enterprise Linux 8.6 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.2 Advanced Update Support , \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.8 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Mozilla Firefox ESR, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432 \u0431\u0443\u0444\u0435\u0440 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0440\u0430\u0443\u0437\u0435\u0440\u043e\u0432 Mozilla Firefox, Mozilla Firefox ESR \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0432 \u0431\u0443\u0444\u0435\u0440 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://redos.red-soft.ru/support/secure/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-05/\nhttps://www.mozilla.org/en-US/security/advisories/mfsa2023-06/\nhttps://security-tracker.debian.org/tracker/CVE-2023-25744\nhttps://access.redhat.com/security/cve/CVE-2023-25744\nhttps://altsp.su/obnovleniya-bezopasnosti/\n\nhttps://wiki.astralinux.ru/astra-linux-se47-bulletin-2023-0727SE47\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.8/\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20220829SE16",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,3)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2023-AVI-0124
Vulnerability from certfr_avis - Published: 2023-02-15 - Updated: 2023-02-15
De multiples vulnérabilités ont été corrigées dans Mozilla Firefox. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 110",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 102.8",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-25730",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25730"
},
{
"name": "CVE-2023-25728",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25728"
},
{
"name": "CVE-2023-25735",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25735"
},
{
"name": "CVE-2023-25739",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25739"
},
{
"name": "CVE-2023-25729",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25729"
},
{
"name": "CVE-2023-25731",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25731"
},
{
"name": "CVE-2023-25744",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25744"
},
{
"name": "CVE-2023-25732",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25732"
},
{
"name": "CVE-2023-25740",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25740"
},
{
"name": "CVE-2023-0767",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-0767"
},
{
"name": "CVE-2023-25733",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25733"
},
{
"name": "CVE-2023-25742",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25742"
},
{
"name": "CVE-2023-25737",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25737"
},
{
"name": "CVE-2023-25734",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25734"
},
{
"name": "CVE-2023-25745",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25745"
},
{
"name": "CVE-2023-25736",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25736"
},
{
"name": "CVE-2023-25741",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25741"
},
{
"name": "CVE-2023-25746",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25746"
},
{
"name": "CVE-2023-25738",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25738"
},
{
"name": "CVE-2023-25743",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-25743"
}
],
"initial_release_date": "2023-02-15T00:00:00",
"last_revision_date": "2023-02-15T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 14 f\u00e9vrier 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-06/"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla du 14 f\u00e9vrier 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/"
}
],
"reference": "CERTFR-2023-AVI-0124",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-02-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans\u003cspan\nclass=\"textit\"\u003e\u00a0Mozilla\u00a0Firefox\u003c/span\u003e. Elles permettent \u00e0 un attaquant\nde provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une\nex\u00e9cution de code arbitraire \u00e0 distance et un contournement de la\npolitique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mozilla Firefox",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-05 du 14 f\u00e9vrier 2023",
"url": null
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-06 du 14 f\u00e9vrier 2023",
"url": null
}
]
}
FKIE_CVE-2023-25744
Vulnerability from fkie_nvd - Published: 2023-06-02 17:15 - Updated: 2024-11-21 07:50
Severity
Summary
Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536 | Broken Link, Issue Tracking | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2023-05/ | Vendor Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2023-06/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536 | Broken Link, Issue Tracking | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2023-05/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2023-06/ | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mozilla | firefox | * | |
| mozilla | firefox_esr | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "811EBB2F-0FAA-49DB-8B16-99341814C3D1",
"versionEndExcluding": "110.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"matchCriteriaId": "731649BC-CBBC-4423-93E1-577EF7A17DBD",
"versionEndExcluding": "102.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8."
}
],
"id": "CVE-2023-25744",
"lastModified": "2024-11-21T07:50:03.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-02T17:15:11.677",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Broken Link",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-Q623-4XV2-3FQ3
Vulnerability from github – Published: 2023-06-02 18:30 – Updated: 2024-04-04 04:30
VLAI
Details
Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2023-25744"
],
"database_specific": {
"cwe_ids": [
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-06-02T17:15:11Z",
"severity": "HIGH"
},
"details": "Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8.",
"id": "GHSA-q623-4xv2-3fq3",
"modified": "2024-04-04T04:30:10Z",
"published": "2023-06-02T18:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25744"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2023-25744
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-25744",
"id": "GSD-2023-25744",
"references": [
"https://www.debian.org/security/2023/dsa-5350",
"https://www.debian.org/security/2023/dsa-5355",
"https://advisories.mageia.org/CVE-2023-25744.html",
"https://access.redhat.com/errata/RHSA-2023:0805",
"https://access.redhat.com/errata/RHSA-2023:0806",
"https://access.redhat.com/errata/RHSA-2023:0807",
"https://access.redhat.com/errata/RHSA-2023:0808",
"https://access.redhat.com/errata/RHSA-2023:0809",
"https://access.redhat.com/errata/RHSA-2023:0810",
"https://access.redhat.com/errata/RHSA-2023:0811",
"https://access.redhat.com/errata/RHSA-2023:0812",
"https://access.redhat.com/errata/RHSA-2023:0817",
"https://access.redhat.com/errata/RHSA-2023:0818",
"https://access.redhat.com/errata/RHSA-2023:0819",
"https://access.redhat.com/errata/RHSA-2023:0820",
"https://access.redhat.com/errata/RHSA-2023:0821",
"https://access.redhat.com/errata/RHSA-2023:0822",
"https://access.redhat.com/errata/RHSA-2023:0823",
"https://access.redhat.com/errata/RHSA-2023:0824",
"https://www.suse.com/security/cve/CVE-2023-25744.html",
"https://ubuntu.com/security/CVE-2023-25744"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-25744"
],
"details": "Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8.",
"id": "GSD-2023-25744",
"modified": "2023-12-13T01:20:40.936013Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2023-25744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Firefox",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "110"
}
]
}
},
{
"product_name": "Firefox ESR",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "102.8"
}
]
}
}
]
},
"vendor_name": "Mozilla"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Memory safety bugs fixed in Firefox 110 and Firefox ESR 102.8"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
"refsource": "MISC",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
},
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "102.8",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "110.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2023-25744"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Mozilla developers Kershaw Chang and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536",
"refsource": "MISC",
"tags": [
"Broken Link",
"Issue Tracking"
],
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1789449%2C1803628%2C1810536"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2023-05/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-05/"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2023-06/",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-06/"
}
]
}
},
"impact": {
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
},
"lastModifiedDate": "2023-06-08T17:09Z",
"publishedDate": "2023-06-02T17:15Z"
}
}
}
OPENSUSE-SU-2024:12702-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
libmozjs-102-0-102.8.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: libmozjs-102-0-102.8.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the libmozjs-102-0-102.8.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-12702
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.4 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.8 (High)
Affected products
Recommended
12 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
50 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2023-0767/ | self |
| https://www.suse.com/security/cve/CVE-2023-25728/ | self |
| https://www.suse.com/security/cve/CVE-2023-25729/ | self |
| https://www.suse.com/security/cve/CVE-2023-25730/ | self |
| https://www.suse.com/security/cve/CVE-2023-25732/ | self |
| https://www.suse.com/security/cve/CVE-2023-25734/ | self |
| https://www.suse.com/security/cve/CVE-2023-25735/ | self |
| https://www.suse.com/security/cve/CVE-2023-25737/ | self |
| https://www.suse.com/security/cve/CVE-2023-25738/ | self |
| https://www.suse.com/security/cve/CVE-2023-25739/ | self |
| https://www.suse.com/security/cve/CVE-2023-25742/ | self |
| https://www.suse.com/security/cve/CVE-2023-25743/ | self |
| https://www.suse.com/security/cve/CVE-2023-25744/ | self |
| https://www.suse.com/security/cve/CVE-2023-25746/ | self |
| https://www.suse.com/security/cve/CVE-2023-0767 | external |
| https://bugzilla.suse.com/1208138 | external |
| https://bugzilla.suse.com/1213200 | external |
| https://bugzilla.suse.com/1213818 | external |
| https://bugzilla.suse.com/1214271 | external |
| https://bugzilla.suse.com/1218481 | external |
| https://bugzilla.suse.com/1218964 | external |
| https://bugzilla.suse.com/1225630 | external |
| https://www.suse.com/security/cve/CVE-2023-25728 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25729 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25730 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25732 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25734 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25735 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25737 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25738 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25739 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25742 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25743 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25744 | external |
| https://bugzilla.suse.com/1208144 | external |
| https://www.suse.com/security/cve/CVE-2023-25746 | external |
| https://bugzilla.suse.com/1208144 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "libmozjs-102-0-102.8.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the libmozjs-102-0-102.8.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-12702",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_12702-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0767 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25728 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25729 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25730 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25732 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25734 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25734/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25735 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25737 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25738 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25739 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25742 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25743 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25744 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25746 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25746/"
}
],
"title": "libmozjs-102-0-102.8.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:12702-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-102-0-102.8.0-1.1.aarch64",
"product": {
"name": "libmozjs-102-0-102.8.0-1.1.aarch64",
"product_id": "libmozjs-102-0-102.8.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs102-102.8.0-1.1.aarch64",
"product": {
"name": "mozjs102-102.8.0-1.1.aarch64",
"product_id": "mozjs102-102.8.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "mozjs102-devel-102.8.0-1.1.aarch64",
"product": {
"name": "mozjs102-devel-102.8.0-1.1.aarch64",
"product_id": "mozjs102-devel-102.8.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-102-0-102.8.0-1.1.ppc64le",
"product": {
"name": "libmozjs-102-0-102.8.0-1.1.ppc64le",
"product_id": "libmozjs-102-0-102.8.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs102-102.8.0-1.1.ppc64le",
"product": {
"name": "mozjs102-102.8.0-1.1.ppc64le",
"product_id": "mozjs102-102.8.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "mozjs102-devel-102.8.0-1.1.ppc64le",
"product": {
"name": "mozjs102-devel-102.8.0-1.1.ppc64le",
"product_id": "mozjs102-devel-102.8.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-102-0-102.8.0-1.1.s390x",
"product": {
"name": "libmozjs-102-0-102.8.0-1.1.s390x",
"product_id": "libmozjs-102-0-102.8.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs102-102.8.0-1.1.s390x",
"product": {
"name": "mozjs102-102.8.0-1.1.s390x",
"product_id": "mozjs102-102.8.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "mozjs102-devel-102.8.0-1.1.s390x",
"product": {
"name": "mozjs102-devel-102.8.0-1.1.s390x",
"product_id": "mozjs102-devel-102.8.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "libmozjs-102-0-102.8.0-1.1.x86_64",
"product": {
"name": "libmozjs-102-0-102.8.0-1.1.x86_64",
"product_id": "libmozjs-102-0-102.8.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs102-102.8.0-1.1.x86_64",
"product": {
"name": "mozjs102-102.8.0-1.1.x86_64",
"product_id": "mozjs102-102.8.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "mozjs102-devel-102.8.0-1.1.x86_64",
"product": {
"name": "mozjs102-devel-102.8.0-1.1.x86_64",
"product_id": "mozjs102-devel-102.8.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-102-0-102.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64"
},
"product_reference": "libmozjs-102-0-102.8.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-102-0-102.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le"
},
"product_reference": "libmozjs-102-0-102.8.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-102-0-102.8.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x"
},
"product_reference": "libmozjs-102-0-102.8.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libmozjs-102-0-102.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64"
},
"product_reference": "libmozjs-102-0-102.8.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-102.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64"
},
"product_reference": "mozjs102-102.8.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-102.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le"
},
"product_reference": "mozjs102-102.8.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-102.8.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x"
},
"product_reference": "mozjs102-102.8.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-102.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64"
},
"product_reference": "mozjs102-102.8.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-devel-102.8.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64"
},
"product_reference": "mozjs102-devel-102.8.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-devel-102.8.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le"
},
"product_reference": "mozjs102-devel-102.8.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-devel-102.8.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x"
},
"product_reference": "mozjs102-devel-102.8.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mozjs102-devel-102.8.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
},
"product_reference": "mozjs102-devel-102.8.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-0767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0767"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0767",
"url": "https://www.suse.com/security/cve/CVE-2023-0767"
},
{
"category": "external",
"summary": "SUSE Bug 1208138 for CVE-2023-0767",
"url": "https://bugzilla.suse.com/1208138"
},
{
"category": "external",
"summary": "SUSE Bug 1213200 for CVE-2023-0767",
"url": "https://bugzilla.suse.com/1213200"
},
{
"category": "external",
"summary": "SUSE Bug 1213818 for CVE-2023-0767",
"url": "https://bugzilla.suse.com/1213818"
},
{
"category": "external",
"summary": "SUSE Bug 1214271 for CVE-2023-0767",
"url": "https://bugzilla.suse.com/1214271"
},
{
"category": "external",
"summary": "SUSE Bug 1218481 for CVE-2023-0767",
"url": "https://bugzilla.suse.com/1218481"
},
{
"category": "external",
"summary": "SUSE Bug 1218964 for CVE-2023-0767",
"url": "https://bugzilla.suse.com/1218964"
},
{
"category": "external",
"summary": "SUSE Bug 1225630 for CVE-2023-0767",
"url": "https://bugzilla.suse.com/1225630"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-0767"
},
{
"cve": "CVE-2023-25728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25728"
}
],
"notes": [
{
"category": "general",
"text": "The \u003ccode\u003eContent-Security-Policy-Report-Only\u003c/code\u003e header could allow an attacker to leak a child iframe\u0027s unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25728",
"url": "https://www.suse.com/security/cve/CVE-2023-25728"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25728",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25728"
},
{
"cve": "CVE-2023-25729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25729"
}
],
"notes": [
{
"category": "general",
"text": "Permission prompts for opening external schemes were only shown for \u003ccode\u003eContentPrincipals\u003c/code\u003e resulting in extensions being able to open them without user interaction via \u003ccode\u003eExpandedPrincipals\u003c/code\u003e. This could lead to further malicious actions such as downloading files or interacting with software already installed on the system. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25729",
"url": "https://www.suse.com/security/cve/CVE-2023-25729"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25729",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25729"
},
{
"cve": "CVE-2023-25730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25730"
}
],
"notes": [
{
"category": "general",
"text": "A background script invoking \u003ccode\u003erequestFullscreen\u003c/code\u003e and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25730",
"url": "https://www.suse.com/security/cve/CVE-2023-25730"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25730",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25730"
},
{
"cve": "CVE-2023-25732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25732"
}
],
"notes": [
{
"category": "general",
"text": "When encoding data from an \u003ccode\u003einputStream\u003c/code\u003e in \u003ccode\u003expcom\u003c/code\u003e the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25732",
"url": "https://www.suse.com/security/cve/CVE-2023-25732"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25732",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25732"
},
{
"cve": "CVE-2023-25734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25734"
}
],
"notes": [
{
"category": "general",
"text": "After downloading a Windows \u003ccode\u003e.url\u003c/code\u003e shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.\u003cbr\u003e*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25734",
"url": "https://www.suse.com/security/cve/CVE-2023-25734"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25734",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25734"
},
{
"cve": "CVE-2023-25735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25735"
}
],
"notes": [
{
"category": "general",
"text": "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25735",
"url": "https://www.suse.com/security/cve/CVE-2023-25735"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25735",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25735"
},
{
"cve": "CVE-2023-25737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25737"
}
],
"notes": [
{
"category": "general",
"text": "An invalid downcast from \u003ccode\u003ensTextNode\u003c/code\u003e to \u003ccode\u003eSVGElement\u003c/code\u003e could have lead to undefined behavior. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25737",
"url": "https://www.suse.com/security/cve/CVE-2023-25737"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25737",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25737"
},
{
"cve": "CVE-2023-25738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25738"
}
],
"notes": [
{
"category": "general",
"text": "Members of the \u003ccode\u003eDEVMODEW\u003c/code\u003e struct set by the printer device driver weren\u0027t being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of bounds access to related variables.\u003cbr\u003e*This bug only affects Firefox on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25738",
"url": "https://www.suse.com/security/cve/CVE-2023-25738"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25738",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25738"
},
{
"cve": "CVE-2023-25739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25739"
}
],
"notes": [
{
"category": "general",
"text": "Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in \u003ccode\u003eScriptLoadContext\u003c/code\u003e. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25739",
"url": "https://www.suse.com/security/cve/CVE-2023-25739"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25739",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25739"
},
{
"cve": "CVE-2023-25742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25742"
}
],
"notes": [
{
"category": "general",
"text": "When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox \u003c 110, Thunderbird \u003c 102.8, and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25742",
"url": "https://www.suse.com/security/cve/CVE-2023-25742"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25742",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25742"
},
{
"cve": "CVE-2023-25743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25743"
}
],
"notes": [
{
"category": "general",
"text": "A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.\u003cbr\u003e*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25743",
"url": "https://www.suse.com/security/cve/CVE-2023-25743"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25743",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25743"
},
{
"cve": "CVE-2023-25744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25744"
}
],
"notes": [
{
"category": "general",
"text": "Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 110 and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25744",
"url": "https://www.suse.com/security/cve/CVE-2023-25744"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25744",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25744"
},
{
"cve": "CVE-2023-25746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25746"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird \u003c 102.8 and Firefox ESR \u003c 102.8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25746",
"url": "https://www.suse.com/security/cve/CVE-2023-25746"
},
{
"category": "external",
"summary": "SUSE Bug 1208144 for CVE-2023-25746",
"url": "https://bugzilla.suse.com/1208144"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:libmozjs-102-0-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-102.8.0-1.1.x86_64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.aarch64",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.ppc64le",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.s390x",
"openSUSE Tumbleweed:mozjs102-devel-102.8.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-25746"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…