CVE-2023-37208 (GCVE-0-2023-37208)
Vulnerability from cvelistv5 – Published: 2023-07-05 08:54 – Updated: 2024-11-20 21:35
Lack of warning when opening Diagcab files
| Vendor | Product | Version | |
|---|---|---|---|
| Mozilla | Firefox | Affected: unspecified , < 115 (custom) | |
| Mozilla | Firefox ESR | Affected: unspecified , < 102.13 (custom) | |
| Mozilla | Thunderbird | Affected: unspecified , < 102.13 (custom) | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:09:33.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837675"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5450"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5451"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-22/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-23/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-24/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-37208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T21:34:29.247769Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T21:35:10.883Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "115",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Firefox ESR",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "Thunderbird",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "102.13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "P Umar Farooq"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13."
}
],
"value": "When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Lack of warning when opening Diagcab files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-12T14:07:05.749Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1837675"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html"
},
{
"url": "https://www.debian.org/security/2023/dsa-5450"
},
{
"url": "https://www.debian.org/security/2023/dsa-5451"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-22/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-23/"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-24/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2023-37208",
"datePublished": "2023-07-05T08:54:19.005Z",
"dateReserved": "2023-06-28T18:07:02.266Z",
"dateUpdated": "2024-11-20T21:35:10.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2023-37208",
"date": "2026-05-29",
"epss": "0.00048",
"percentile": "0.15339"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-37208\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2023-07-05T09:15:10.023\",\"lastModified\":\"2024-11-21T08:11:12.080\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"115.0\",\"matchCriteriaId\":\"D1EEB7A5-332B-475E-8BEC-52B282166DDA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.13\",\"matchCriteriaId\":\"D7E02D3B-8A45-46DD-A53D-C374264A31F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"102.13\",\"matchCriteriaId\":\"10BCAF6D-BACC-4240-A6EA-FBC769D9F5BF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:
o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D69DCC-AE4D-4EA5-861C-D60951444C6C\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1837675\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\",\"source\":\"security@mozilla.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\",\"source\":\"security@mozilla.org\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5450\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5451\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-22/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-23/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-24/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1837675\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party 
Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2023/dsa-5450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2023/dsa-5451\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-22/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-23/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-24/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1837675\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5450\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.debian.org/security/2023/dsa-5451\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-22/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-23/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-24/\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T17:09:33.201Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-37208\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-20T21:34:29.247769Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-20T21:35:06.628Z\"}}], \"cna\": {\"credits\": [{\"lang\": \"en\", \"value\": \"P Umar Farooq\"}], \"affected\": [{\"vendor\": \"Mozilla\", \"product\": \"Firefox\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"115\", \"versionType\": 
\"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Firefox ESR\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.13\", \"versionType\": \"custom\"}]}, {\"vendor\": \"Mozilla\", \"product\": \"Thunderbird\", \"versions\": [{\"status\": \"affected\", \"version\": \"unspecified\", \"lessThan\": \"102.13\", \"versionType\": \"custom\"}]}], \"references\": [{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1837675\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00006.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2023/07/msg00015.html\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5450\"}, {\"url\": \"https://www.debian.org/security/2023/dsa-5451\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-22/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-23/\"}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-24/\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"Lack of warning when opening Diagcab files\"}]}], \"providerMetadata\": {\"orgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"shortName\": \"mozilla\", \"dateUpdated\": \"2023-07-12T14:07:05.749Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-37208\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-20T21:35:10.883Z\", \"dateReserved\": \"2023-06-28T18:07:02.266Z\", \"assignerOrgId\": \"f16b083a-5664-49f3-a51e-8d479e5ed7fe\", \"datePublished\": \"2023-07-05T08:54:19.005Z\", \"assignerShortName\": \"mozilla\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
RHSA-2023:4069
Vulnerability from csaf_redhat - Published: 2023-07-13 08:47 - Updated: 2025-11-21 18:42
CVE-2023-37201 (Use-after-free in WebRTC certificate generation): The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37202 (Potential use-after-free from compartment mismatch in SpiderMonkey): The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37207 (Fullscreen notification obscured): The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37208 (Lack of warning when opening Diagcab files): The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37211 (Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13): The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4069",
"url": "https://access.redhat.com/errata/RHSA-2023:4069"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4069.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:10+00:00",
"generator": {
"date": "2025-11-21T18:42:10+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4069",
"initial_release_date": "2023-07-13T08:47:16+00:00",
"revision_history": [
{
"date": "2023-07-13T08:47:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T08:47:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:10+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_6.src",
"product": {
"name": "firefox-0:102.13.0-2.el8_6.src",
"product_id": "firefox-0:102.13.0-2.el8_6.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_6?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_6.aarch64",
"product": {
"name": "firefox-0:102.13.0-2.el8_6.aarch64",
"product_id": "firefox-0:102.13.0-2.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_6?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_6?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_6.ppc64le",
"product": {
"name": "firefox-0:102.13.0-2.el8_6.ppc64le",
"product_id": "firefox-0:102.13.0-2.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_6?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_6?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_6.x86_64",
"product": {
"name": "firefox-0:102.13.0-2.el8_6.x86_64",
"product_id": "firefox-0:102.13.0-2.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_6.x86_64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_6.x86_64",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_6?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_6?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_6.s390x",
"product": {
"name": "firefox-0:102.13.0-2.el8_6.s390x",
"product_id": "firefox-0:102.13.0-2.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_6?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_6?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64"
},
"product_reference": "firefox-0:102.13.0-2.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_6.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_6.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_6.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_6.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_6.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_6.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_6.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:47:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:47:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:47:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:47:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:47:16+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4069"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.src",
"AppStream-8.6.0.Z.EUS:firefox-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el8_6.x86_64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.aarch64",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.ppc64le",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.s390x",
"AppStream-8.6.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el8_6.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
RHSA-2023:4070
Vulnerability from csaf_redhat - Published: 2023-07-13 08:44 - Updated: 2025-11-21 18:42
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4070",
"url": "https://access.redhat.com/errata/RHSA-2023:4070"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4070.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:11+00:00",
"generator": {
"date": "2025-11-21T18:42:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4070",
"initial_release_date": "2023-07-13T08:44:17+00:00",
"revision_history": [
{
"date": "2023-07-13T08:44:17+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T08:44:17+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.2::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.2::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_2.src",
"product": {
"name": "firefox-0:102.13.0-2.el8_2.src",
"product_id": "firefox-0:102.13.0-2.el8_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_2.x86_64",
"product": {
"name": "firefox-0:102.13.0-2.el8_2.x86_64",
"product_id": "firefox-0:102.13.0-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_2.ppc64le",
"product": {
"name": "firefox-0:102.13.0-2.el8_2.ppc64le",
"product_id": "firefox-0:102.13.0-2.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_2.src as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_2.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_2.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_2.src as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_2.src",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v. 8.2)",
"product_id": "AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"relates_to_product_reference": "AppStream-8.2.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4070"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4070"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4070"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4070"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:44:17+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4070"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.AUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.E4S:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.ppc64le",
"AppStream-8.2.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.src",
"AppStream-8.2.0.Z.TUS:firefox-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_2.x86_64",
"AppStream-8.2.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
RHSA-2023:4071
Vulnerability from csaf_redhat - Published: 2023-07-13 08:49 - Updated: 2025-11-21 18:42
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4071",
"url": "https://access.redhat.com/errata/RHSA-2023:4071"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4071.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:11+00:00",
"generator": {
"date": "2025-11-21T18:42:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4071",
"initial_release_date": "2023-07-13T08:49:29+00:00",
"revision_history": [
{
"date": "2023-07-13T08:49:29+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T08:49:29+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_2.src",
"product": {
"name": "firefox-0:102.13.0-2.el9_2.src",
"product_id": "firefox-0:102.13.0-2.el9_2.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_2?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_2.aarch64",
"product": {
"name": "firefox-0:102.13.0-2.el9_2.aarch64",
"product_id": "firefox-0:102.13.0-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:102.13.0-2.el9_2.aarch64",
"product": {
"name": "firefox-x11-0:102.13.0-2.el9_2.aarch64",
"product_id": "firefox-x11-0:102.13.0-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@102.13.0-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"product_id": "firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el9_2?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el9_2?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_2.ppc64le",
"product": {
"name": "firefox-0:102.13.0-2.el9_2.ppc64le",
"product_id": "firefox-0:102.13.0-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"product": {
"name": "firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"product_id": "firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@102.13.0-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"product_id": "firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el9_2?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"product_id": "firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el9_2?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_2.x86_64",
"product": {
"name": "firefox-0:102.13.0-2.el9_2.x86_64",
"product_id": "firefox-0:102.13.0-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:102.13.0-2.el9_2.x86_64",
"product": {
"name": "firefox-x11-0:102.13.0-2.el9_2.x86_64",
"product_id": "firefox-x11-0:102.13.0-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@102.13.0-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"product_id": "firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el9_2?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el9_2?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_2.s390x",
"product": {
"name": "firefox-0:102.13.0-2.el9_2.s390x",
"product_id": "firefox-0:102.13.0-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-x11-0:102.13.0-2.el9_2.s390x",
"product": {
"name": "firefox-x11-0:102.13.0-2.el9_2.s390x",
"product_id": "firefox-x11-0:102.13.0-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-x11@102.13.0-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"product_id": "firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el9_2?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"product_id": "firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el9_2?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64"
},
"product_reference": "firefox-0:102.13.0-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_2.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src"
},
"product_reference": "firefox-0:102.13.0-2.el9_2.src",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:102.13.0-2.el9_2.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64"
},
"product_reference": "firefox-x11-0:102.13.0-2.el9_2.aarch64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:102.13.0-2.el9_2.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le"
},
"product_reference": "firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:102.13.0-2.el9_2.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x"
},
"product_reference": "firefox-x11-0:102.13.0-2.el9_2.s390x",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-x11-0:102.13.0-2.el9_2.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
},
"product_reference": "firefox-x11-0:102.13.0-2.el9_2.x86_64",
"relates_to_product_reference": "AppStream-9.2.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:49:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4071"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:49:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4071"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:49:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4071"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:49:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4071"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:49:29+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4071"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.src",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el9_2.x86_64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.aarch64",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.ppc64le",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.s390x",
"AppStream-9.2.0.Z.MAIN.EUS:firefox-x11-0:102.13.0-2.el9_2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
RHSA-2023:4072
Vulnerability from csaf_redhat - Published: 2023-07-13 08:50 - Updated: 2025-11-21 18:42
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4072",
"url": "https://access.redhat.com/errata/RHSA-2023:4072"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4072.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:11+00:00",
"generator": {
"date": "2025-11-21T18:42:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4072",
"initial_release_date": "2023-07-13T08:50:02+00:00",
"revision_history": [
{
"date": "2023-07-13T08:50:02+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T08:50:02+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.1::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_1.src",
"product": {
"name": "firefox-0:102.13.0-2.el8_1.src",
"product_id": "firefox-0:102.13.0-2.el8_1.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_1?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_1.ppc64le",
"product": {
"name": "firefox-0:102.13.0-2.el8_1.ppc64le",
"product_id": "firefox-0:102.13.0-2.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_1?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_1?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_1.x86_64",
"product": {
"name": "firefox-0:102.13.0-2.el8_1.x86_64",
"product_id": "firefox-0:102.13.0-2.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_1.x86_64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_1.x86_64",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_1?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_1?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_1.src as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_1.src",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_1.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_1.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v. 8.1)",
"product_id": "AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_1.x86_64",
"relates_to_product_reference": "AppStream-8.1.0.Z.E4S"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4072"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4072"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4072"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4072"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:02+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4072"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.src",
"AppStream-8.1.0.Z.E4S:firefox-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_1.x86_64",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.ppc64le",
"AppStream-8.1.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
RHSA-2023:4073
Vulnerability from csaf_redhat - Published: 2023-07-13 08:50 - Updated: 2025-11-21 18:42
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: "Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code."
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4073",
"url": "https://access.redhat.com/errata/RHSA-2023:4073"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4073.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:11+00:00",
"generator": {
"date": "2025-11-21T18:42:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4073",
"initial_release_date": "2023-07-13T08:50:48+00:00",
"revision_history": [
{
"date": "2023-07-13T08:50:48+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T08:50:48+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:9.0::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_0.src",
"product": {
"name": "firefox-0:102.13.0-2.el9_0.src",
"product_id": "firefox-0:102.13.0-2.el9_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_0.aarch64",
"product": {
"name": "firefox-0:102.13.0-2.el9_0.aarch64",
"product_id": "firefox-0:102.13.0-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"product_id": "firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el9_0?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el9_0?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_0.ppc64le",
"product": {
"name": "firefox-0:102.13.0-2.el9_0.ppc64le",
"product_id": "firefox-0:102.13.0-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"product_id": "firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el9_0?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"product_id": "firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el9_0?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_0.x86_64",
"product": {
"name": "firefox-0:102.13.0-2.el9_0.x86_64",
"product_id": "firefox-0:102.13.0-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el9_0.x86_64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el9_0.x86_64",
"product_id": "firefox-debugsource-0:102.13.0-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el9_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el9_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el9_0.s390x",
"product": {
"name": "firefox-0:102.13.0-2.el9_0.s390x",
"product_id": "firefox-0:102.13.0-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"product_id": "firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el9_0?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"product_id": "firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el9_0?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64"
},
"product_reference": "firefox-0:102.13.0-2.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_0.src as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src"
},
"product_reference": "firefox-0:102.13.0-2.el9_0.src",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el9_0.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el9_0.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el9_0.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el9_0.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.9.0)",
"product_id": "AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el9_0.x86_64",
"relates_to_product_reference": "AppStream-9.0.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4073"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4073"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4073"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4073"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:50:48+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4073"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.src",
"AppStream-9.0.0.Z.EUS:firefox-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debuginfo-0:102.13.0-2.el9_0.x86_64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.aarch64",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.ppc64le",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.s390x",
"AppStream-9.0.0.Z.EUS:firefox-debugsource-0:102.13.0-2.el9_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
RHSA-2023:4074
Vulnerability from csaf_redhat - Published: 2023-07-13 08:55 - Updated: 2025-11-21 18:42

CVE-2023-37201: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37202: The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37207: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37208: The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37211: The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nThis update upgrades Thunderbird to version 102.13.0.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4074",
"url": "https://access.redhat.com/errata/RHSA-2023:4074"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4074.json"
}
],
"title": "Red Hat Security Advisory: thunderbird security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:13+00:00",
"generator": {
"date": "2025-11-21T18:42:13+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4074",
"initial_release_date": "2023-07-13T08:55:44+00:00",
"revision_history": [
{
"date": "2023-07-13T08:55:44+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T08:55:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:13+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.13.0-2.el8_4.src",
"product": {
"name": "thunderbird-0:102.13.0-2.el8_4.src",
"product_id": "thunderbird-0:102.13.0-2.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.13.0-2.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.13.0-2.el8_4.x86_64",
"product": {
"name": "thunderbird-0:102.13.0-2.el8_4.x86_64",
"product_id": "thunderbird-0:102.13.0-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.13.0-2.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"product": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"product_id": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.13.0-2.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"product": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"product_id": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.13.0-2.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.13.0-2.el8_4.aarch64",
"product": {
"name": "thunderbird-0:102.13.0-2.el8_4.aarch64",
"product_id": "thunderbird-0:102.13.0-2.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.13.0-2.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"product": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"product_id": "thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.13.0-2.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"product": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"product_id": "thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.13.0-2.el8_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.13.0-2.el8_4.ppc64le",
"product": {
"name": "thunderbird-0:102.13.0-2.el8_4.ppc64le",
"product_id": "thunderbird-0:102.13.0-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.13.0-2.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"product": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"product_id": "thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.13.0-2.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"product": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"product_id": "thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.13.0-2.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "thunderbird-0:102.13.0-2.el8_4.s390x",
"product": {
"name": "thunderbird-0:102.13.0-2.el8_4.s390x",
"product_id": "thunderbird-0:102.13.0-2.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird@102.13.0-2.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"product": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"product_id": "thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debugsource@102.13.0-2.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"product": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"product_id": "thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/thunderbird-debuginfo@102.13.0-2.el8_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64"
},
"product_reference": "thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le"
},
"product_reference": "thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x"
},
"product_reference": "thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64"
},
"product_reference": "thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le"
},
"product_reference": "thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x"
},
"product_reference": "thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4074"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4074"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4074"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4074"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:44+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAll running instances of Thunderbird must be restarted for the update to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4074"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:thunderbird-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:thunderbird-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
RHSA-2023:4075
Vulnerability from csaf_redhat - Published: 2023-07-13 08:55 - Updated: 2025-11-21 18:42
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4075",
"url": "https://access.redhat.com/errata/RHSA-2023:4075"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4075.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:11+00:00",
"generator": {
"date": "2025-11-21T18:42:11+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4075",
"initial_release_date": "2023-07-13T08:55:47+00:00",
"revision_history": [
{
"date": "2023-07-13T08:55:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T08:55:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:11+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_aus:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_e4s:8.4::appstream"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product": {
"name": "Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_tus:8.4::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_4.src",
"product": {
"name": "firefox-0:102.13.0-2.el8_4.src",
"product_id": "firefox-0:102.13.0-2.el8_4.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_4?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_4.x86_64",
"product": {
"name": "firefox-0:102.13.0-2.el8_4.x86_64",
"product_id": "firefox-0:102.13.0-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_4?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_4?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_4.aarch64",
"product": {
"name": "firefox-0:102.13.0-2.el8_4.aarch64",
"product_id": "firefox-0:102.13.0-2.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_4?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_4?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_4.ppc64le",
"product": {
"name": "firefox-0:102.13.0-2.el8_4.ppc64le",
"product_id": "firefox-0:102.13.0-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_4?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_4?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_4.s390x",
"product": {
"name": "firefox-0:102.13.0-2.el8_4.s390x",
"product_id": "firefox-0:102.13.0-2.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_4?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_4?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.src as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream AUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.AUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.src as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.aarch64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.ppc64le as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.s390x as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream E4S (v.8.4)",
"product_id": "AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.E4S"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.src as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.src",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64 as a component of Red Hat Enterprise Linux AppStream TUS (v.8.4)",
"product_id": "AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"relates_to_product_reference": "AppStream-8.4.0.Z.TUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4075"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4075"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4075"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4075"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:55:47+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4075"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.AUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.AUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.E4S:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.aarch64",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.ppc64le",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.s390x",
"AppStream-8.4.0.Z.E4S:firefox-debugsource-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.src",
"AppStream-8.4.0.Z.TUS:firefox-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debuginfo-0:102.13.0-2.el8_4.x86_64",
"AppStream-8.4.0.Z.TUS:firefox-debugsource-0:102.13.0-2.el8_4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
RHSA-2023:4076
Vulnerability from csaf_redhat - Published: 2023-07-13 08:56 - Updated: 2025-11-21 18:42
CVE-2023-37201: The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37202: The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37207: The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37208: The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
CVE-2023-37211: The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4076",
"url": "https://access.redhat.com/errata/RHSA-2023:4076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4076.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:12+00:00",
"generator": {
"date": "2025-11-21T18:42:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4076",
"initial_release_date": "2023-07-13T08:56:52+00:00",
"revision_history": [
{
"date": "2023-07-13T08:56:52+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T08:56:52+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_8.src",
"product": {
"name": "firefox-0:102.13.0-2.el8_8.src",
"product_id": "firefox-0:102.13.0-2.el8_8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_8.aarch64",
"product": {
"name": "firefox-0:102.13.0-2.el8_8.aarch64",
"product_id": "firefox-0:102.13.0-2.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_8.ppc64le",
"product": {
"name": "firefox-0:102.13.0-2.el8_8.ppc64le",
"product_id": "firefox-0:102.13.0-2.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_8.x86_64",
"product": {
"name": "firefox-0:102.13.0-2.el8_8.x86_64",
"product_id": "firefox-0:102.13.0-2.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_8.x86_64",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_8.x86_64",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el8_8.s390x",
"product": {
"name": "firefox-0:102.13.0-2.el8_8.s390x",
"product_id": "firefox-0:102.13.0-2.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"product": {
"name": "firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"product_id": "firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debugsource@102.13.0-2.el8_8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"product_id": "firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el8_8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64"
},
"product_reference": "firefox-0:102.13.0-2.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src"
},
"product_reference": "firefox-0:102.13.0-2.el8_8.src",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debugsource-0:102.13.0-2.el8_8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
},
"product_reference": "firefox-debugsource-0:102.13.0-2.el8_8.x86_64",
"relates_to_product_reference": "AppStream-8.8.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:56:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:56:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:56:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:56:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T08:56:52+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4076"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.src",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debuginfo-0:102.13.0-2.el8_8.x86_64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.aarch64",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.ppc64le",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.s390x",
"AppStream-8.8.0.Z.MAIN.EUS:firefox-debugsource-0:102.13.0-2.el8_8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
RHSA-2023:4079
Vulnerability from csaf_redhat - Published: 2023-07-13 12:11 - Updated: 2025-11-21 18:42
The Mozilla Foundation Security Advisory describes this flaw as: An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
The Mozilla Foundation Security Advisory describes this flaw as: A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
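The Mozilla Foundation Security Advisory describes this flaw as: When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. The advisory text further down this page lists this entry as CVE-2023-37208, "Lack of warning when opening Diagcab files"; Diagcab (.diagcab) is the Windows troubleshooting-package format opened by the Microsoft Support Diagnostic Tool.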
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
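The Mozilla Foundation Security Advisory describes this flaw as: Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. The advisory text further down this page lists this entry as CVE-2023-37211, fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13. The product ids shown as unresolved in the rows below (e.g. 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686) are the composite ids defined under product_tree.relationships in the CSAF document on this page.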
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 | — |
Vendor Fix
fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for firefox is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.13.0 ESR.\n\nSecurity Fix(es):\n\n* Mozilla: Use-after-free in WebRTC certificate generation (CVE-2023-37201)\n\n* Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey (CVE-2023-37202)\n\n* Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13 (CVE-2023-37211)\n\n* Mozilla: Fullscreen notification obscured (CVE-2023-37207)\n\n* Mozilla: Lack of warning when opening Diagcab files (CVE-2023-37208)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2023:4079",
"url": "https://access.redhat.com/errata/RHSA-2023:4079"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4079.json"
}
],
"title": "Red Hat Security Advisory: firefox security update",
"tracking": {
"current_release_date": "2025-11-21T18:42:15+00:00",
"generator": {
"date": "2025-11-21T18:42:15+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2023:4079",
"initial_release_date": "2023-07-13T12:11:27+00:00",
"revision_history": [
{
"date": "2023-07-13T12:11:27+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2023-07-13T12:11:27+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T18:42:15+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::client"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::workstation"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el7_9.src",
"product": {
"name": "firefox-0:102.13.0-2.el7_9.src",
"product_id": "firefox-0:102.13.0-2.el7_9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el7_9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el7_9.x86_64",
"product": {
"name": "firefox-0:102.13.0-2.el7_9.x86_64",
"product_id": "firefox-0:102.13.0-2.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el7_9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el7_9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el7_9.i686",
"product": {
"name": "firefox-0:102.13.0-2.el7_9.i686",
"product_id": "firefox-0:102.13.0-2.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el7_9?arch=i686"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"product_id": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el7_9?arch=i686"
}
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el7_9.s390x",
"product": {
"name": "firefox-0:102.13.0-2.el7_9.s390x",
"product_id": "firefox-0:102.13.0-2.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el7_9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"product_id": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el7_9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el7_9.ppc64le",
"product": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64le",
"product_id": "firefox-0:102.13.0-2.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el7_9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"product_id": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el7_9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "firefox-0:102.13.0-2.el7_9.ppc64",
"product": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64",
"product_id": "firefox-0:102.13.0-2.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox@102.13.0-2.el7_9?arch=ppc64"
}
}
},
{
"category": "product_version",
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"product": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"product_id": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/firefox-debuginfo@102.13.0-2.el7_9?arch=ppc64"
}
}
}
],
"category": "architecture",
"name": "ppc64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.src as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.src",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client (v. 7)",
"product_id": "7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Client-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.src as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.src",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Client Optional (v. 7)",
"product_id": "7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Client-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.src as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.src",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Server-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.src as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.src",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Server Optional (v. 7)",
"product_id": "7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Server-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.src as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.src",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.src as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.src",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.i686 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64 as a component of Red Hat Enterprise Linux Workstation Optional (v. 7)",
"product_id": "7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
},
"product_reference": "firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"relates_to_product_reference": "7Workstation-optional-7.9.Z"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Irvan Kurniawan"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37201",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219747"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nAn attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Use-after-free in WebRTC certificate generation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "RHBZ#2219747",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219747"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37201",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37201"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37201"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37201"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T12:11:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4079"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Use-after-free in WebRTC certificate generation"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"zx"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37202",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219748"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nCross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "RHBZ#2219748",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219748"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37202",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37202"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37202"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37202"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T12:11:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4079"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Potential use-after-free from compartment mismatch in SpiderMonkey"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Shaheen Fazim"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37207",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219749"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nA website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Fullscreen notification obscured",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "RHBZ#2219749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37207",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37207"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37207"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37207"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T12:11:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4079"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Fullscreen notification obscured"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla project"
]
},
{
"names": [
"Puf"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37208",
"cwe": {
"id": "CWE-1127",
"name": "Compilation with Insufficient Warnings or Errors"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219750"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nWhen opening Diagcab files, Firefox did not warn the user that these files may contain malicious code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Lack of warning when opening Diagcab files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "RHBZ#2219750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219750"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37208",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37208"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37208"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T12:11:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4079"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Mozilla: Lack of warning when opening Diagcab files"
},
{
"acknowledgments": [
{
"names": [
"the Mozilla Fuzzing Team",
"the Mozilla Project"
]
},
{
"names": [
"Andrew McCreight",
"Matthew Gaudet",
"Tom Ritter"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2023-37211",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2023-07-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2219751"
}
],
"notes": [
{
"category": "description",
"text": "The Mozilla Foundation Security Advisory describes this flaw as:\r\n\r\nMemory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "RHBZ#2219751",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2219751"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-37211",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37211"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37211"
},
{
"category": "external",
"summary": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-23/#CVE-2023-37211"
}
],
"release_date": "2023-07-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2023-07-13T12:11:27+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the update, Firefox must be restarted for the changes to take effect.",
"product_ids": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2023:4079"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Client-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Client-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Server-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Server-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.src",
"7Workstation-optional-7.9.Z:firefox-0:102.13.0-2.el7_9.x86_64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.i686",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.ppc64le",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.s390x",
"7Workstation-optional-7.9.Z:firefox-debuginfo-0:102.13.0-2.el7_9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "Mozilla: Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13"
}
]
}
SUSE-SU-2023:2849-1
Vulnerability from csaf_suse - Published: 2023-07-17 07:49 - Updated: 2023-07-17 07:49

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for MozillaFirefox, MozillaFirefox-branding-SLE",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues:\n\nChanges in MozillaFirefox and MozillaFirefox-branding-SLE:\n\nThis update provides Firefox Extended Support Release 115.0 ESR\n\n* New: \n\n - Required fields are now highlighted in PDF forms.\n - Improved performance on high-refresh rate monitors (120Hz+).\n - Buttons in the Tabs toolbar can now be reached with Tab,\n Shift+Tab, and Arrow keys. View this article for additional\n details.\n - Windows\u0027 \u0027Make text bigger\u0027 accessibility setting now\n affects all the UI and content pages, rather than only\n applying to system font sizes.\n - Non-breaking spaces are now preserved\u2014preventing automatic\n line breaks\u2014when copying text from a form control.\n - Fixed WebGL performance issues on NVIDIA binary drivers via\n DMA-Buf on Linux.\n - Fixed an issue in which Firefox startup could be\n significantly slowed down by the processing of Web content\n local storage. This had the greatest impact on users with\n platter hard drives and significant local storage.\n - Removed a configuration option to allow SHA-1 signatures in\n certificates: SHA-1 signatures in certificates\u2014long since\n determined to no longer be secure enough\u2014are now not\n supported.\n - Highlight color is preserved correctly after typing `Enter`\n in the mail composer of Yahoo Mail and Outlook.\n After bypassing the https only error page navigating back\n would take you to the error page that was previously\n dismissed. 
Back now takes you to the previous site that was\n visited.\n - Paste unformatted shortcut (shift+ctrl/cmd+v) now works in\n plain text contexts, such as input and text area.\n - Added an option to print only the current page from the\n print preview dialog.\n - Swipe to navigate (two fingers on a touchpad swiped left or\n right to perform history back or forward) on Windows is now\n enabled.\n - Stability on Windows is significantly improved as Firefox\n handles low-memory situations much better.\n - Touchpad scrolling on macOS was made more accessible by\n reducing unintended diagonal scrolling opposite of the\n intended scroll axis.\n - Firefox is less likely to run out of memory on Linux and\n performs more efficiently for the rest of the system when\n memory runs low.\n - It is now possible to edit PDFs: including writing text,\n drawing, and adding signatures.\n - Setting Firefox as your default browser now also makes it\n the default PDF application on Windows systems.\n - Swipe-to-navigate (two fingers on a touchpad swiped left or\n right to perform history back or forward) now works for Linux\n users on Wayland.\n - Text Recognition in images allows users on macOS 10.15 and\n higher to extract text from the selected image (such as a\n meme or screenshot).\n - Firefox View helps you get back to content you previously\n discovered. 
A pinned tab allows you to find and open recently\n closed tabs on your current device and access tabs from other\n devices (via our \u201cTab Pickup\u201d feature).\n - Import maps, which allow web pages to control the behavior\n of JavaScript imports, are now enabled by default.\n - Processes used for background tabs now use efficiency mode\n on Windows 11 to limit resource use.\n - The shift+esc keyboard shortcut now opens the Process\n Manager, offering a way to quickly identify processes that\n are using too many resources.\n - Firefox now supports properly color correcting images\n tagged with ICCv4 profiles.\n - Support for non-English characters when saving and printing\n PDF forms.\n - The bookmarks toolbar\u0027s default \u0027Only show on New Tab\u0027\n state works correctly for blank new tabs. As before, you can\n change the bookmark toolbar\u0027s behavior using the toolbar\n context menu.\n - Manifest Version 3 (MV3) extension support is now enabled\n by default (MV2 remains enabled/supported). This major update\n also ushers an exciting user interface change in the form of\n the new extensions button.\n - The Arbitrary Code Guard exploit protection has been\n enabled in the media playback utility processes, improving\n security for Windows users.\n - The native HTML date picker for date and datetime inputs\n can now be used with a keyboard alone, improving its\n accessibility for screen reader users. Users with limited\n mobility can also now use common keyboard shortcuts to\n navigate the calendar grid and month selection spinners.\n - Firefox builds in the Spanish from Spain (es-ES) and\n Spanish from Argentina (es-AR) locales now come with a built-\n in dictionary for the Firefox spellchecker.\n - On macOS, Ctrl or Cmd + trackpad or mouse wheel now scrolls\n the page instead of zooming. 
This avoids accidental zooming\n and matches the behavior of other web browsers on macOS.\n - It\u0027s now possible to import bookmarks, history and\n passwords not only from Edge, Chrome or Safari but also from\n Opera, Opera GX, and Vivaldi.\n - GPU sandboxing has been enabled on Windows.\n - On Windows, third-party modules can now be blocked from\n injecting themselves into Firefox, which can be helpful if\n they are causing crashes or other undesirable behavior.\n - Date, time, and datetime-local input fields can now be\n cleared with `Cmd+Backspace` and `Cmd+Delete` shortcut on\n macOS and `Ctrl+Backspace` and `Ctrl+Delete` on Windows and\n Linux.\n - GPU-accelerated Canvas2D is enabled by default on macOS and\n Linux.\n - WebGL performance improvement on Windows, MacOS and Linux.\n - Enables overlay of hardware-decoded video with non-Intel\n GPUs on Windows 10/11, improving video playback performance\n and video scaling quality.\n - Windows native notifications are now enabled.\n - Firefox Relay users can now opt-in to create Relay email\n masks directly from the Firefox credential manager. You must\n be signed in with your Firefox Account.\n - We\u2019ve added two new locales: Silhe Friulian (fur) and\n Sardinian (sc).\n - Right-clicking on password fields now shows an option to\n reveal the password.\n - Private windows and ETP set to strict will now include\n email tracking protection. This will make it harder for email\n trackers to learn the browsing habits of Firefox users. You\n can check the Tracking Content in the sub-panel on the shield\n icon panel.\n - The deprecated U2F Javascript API is now disabled by\n default. The U2F protocol remains usable through the WebAuthn\n API. The U2F API can be re-enabled using the\n `security.webauth.u2f` preference.\n - Say hello to enhanced Picture-in-Picture! 
Rewind, check\n video duration, and effortlessly switch to full-screen mode\n on the web\u0027s most popular video websites.\n - Firefox\u0027s address bar is already a great place to search\n for what you\u0027re looking for. Now you\u0027ll always be able to see\n your web search terms and refine them while viewing your\n search\u0027s results - no additional scrolling needed! Also, a\n new result menu has been added making it easier to remove\n history results and dismiss sponsored Firefox Suggest\n entries.\n - Private windows now protect users even better by blocking\n third-party cookies and storage of content trackers.\n - Passwords automatically generated by Firefox now include\n special characters, giving users more secure passwords by\n default.\n - Firefox 115 introduces a redesigned accessibility engine\n which significantly improves the speed, responsiveness, and\n stability of Firefox when used with:\n\n - Screen readers, as well as certain other accessibility\n software;\n - East Asian input methods;\n - Enterprise single sign-on software; and\n - Other applications which use accessibility frameworks to\n access information.\n\n - Firefox 115 now supports AV1 Image Format files containing\n animations (AVIS), improving support for AVIF images across\n the web.\n - The Windows GPU sandbox first shipped in the Firefox 110\n release has been tightened to enhance the security benefits\n it provides.\n - A 13-year-old feature request was fulfilled and Firefox now\n supports files being drag-and-dropped directly from Microsoft\n Outlook. A special thanks to volunteer contributor Marco\n Spiess for helping to get this across the finish line!\n - Users on macOS can now access the Services sub-menu\n directly from Firefox context menus.\n - On Windows, the elastic overscroll effect has been enabled\n by default. 
When two-finger scrolling on the touchpad or\n scrolling on the touchscreen, you will now see a bouncing\n animation when scrolling past the edge of a scroll container.\n - Firefox is now available in the Tajik (tg) language.\n - Added UI to manage the DNS over HTTPS exception list.\n - Bookmarks can now be searched from the Bookmarks menu. The\n Bookmarks menu is accessible by adding the Bookmarks menu\n button to the toolbar.\n - Restrict searches to your local browsing history by\n selecting Search history from the History, Library or\n Application menu buttons.\n - Mac users can now capture video from their cameras in all\n supported native resolutions. This enables resolutions higher\n than 1280x720.\n - It is now possible to reorder the extensions listed in the\n extensions panel.\n - Users on macOS, Linux, and Windows 7 can now use FIDO2 /\n WebAuthn authenticators over USB. Some advanced features,\n such as fully passwordless logins, require a PIN to be set on\n the authenticator.\n - Pocket Recommended content can now be seen in France,\n Italy, and Spain.\n - DNS over HTTPS settings are now part of the Privacy \u0026\n Security section of the Settings page and allow the user to\n choose from all the supported modes.\n - Migrating from another browser? 
Now you can bring over\n payment methods you\u0027ve saved in Chrome-based browsers to\n Firefox.\n - Hardware video decoding enabled for Intel GPUs on Linux.\n - The Tab Manager dropdown now features close buttons, so you\n can close tabs more quickly.\n - Windows Magnifier now follows the text cursor correctly\n when the Firefox title bar is visible.\n - Undo and redo are now available in Password fields.\n [1]:https://support.mozilla.org/kb/access-toolbar-functions-\n using-keyboard?_gl=1*16it7nj*_ga*MTEzNjg4MjY5NC4xNjQ1MjAxMDU3\n *_ga_MQ7767QQQW*MTY1Njk2MzExMS43LjEuMTY1Njk2MzIzMy4w\n [2]:https://support.mozilla.org/kb/how-set-tab-pickup-firefox-view\n [3]:https://support.mozilla.org/kb/task-manager-tabs-or-extensions-are-slowing-firefox\n [4]:https://blog.mozilla.org/addons/2022/11/17/manifest-v3-signing-available-november-21-on-firefox-nightly/\n [5]:https://blog.mozilla.org/addons/2022/05/18/manifest-v3-in-firefox-recap-next-steps/\n [6]:https://support.mozilla.org/kb/unified-extensions\n [7]:https://support.mozilla.org/kb/import-data-another-browser\n [8]:https://support.mozilla.org/kb/identify-problems-third-party-modules-firefox-windows\n [9]:https://support.mozilla.org/kb/how-generate-secure-password-firefox\n [10]:https://blog.mozilla.org/accessibility/firefox-113-accessibility-performance/\n\n* Fixed: Various security fixes. 
MFSA 2023-22 (bsc#1212438)\n\n * CVE-2023-3482 (bmo#1839464)\n Block all cookies bypass for localstorage\n * CVE-2023-37201 (bmo#1826002)\n Use-after-free in WebRTC certificate generation\n * CVE-2023-37202 (bmo#1834711)\n Potential use-after-free from compartment mismatch in\n SpiderMonkey\n * CVE-2023-37203 (bmo#291640)\n Drag and Drop API may provide access to local system files\n * CVE-2023-37204 (bmo#1832195)\n Fullscreen notification obscured via option element\n * CVE-2023-37205 (bmo#1704420)\n URL spoofing in address bar using RTL characters\n * CVE-2023-37206 (bmo#1813299)\n Insufficient validation of symlinks in the FileSystem API\n * CVE-2023-37207 (bmo#1816287)\n Fullscreen notification obscured\n * CVE-2023-37208 (bmo#1837675)\n Lack of warning when opening Diagcab files\n * CVE-2023-37209 (bmo#1837993)\n Use-after-free in `NotifyOnHistoryReload`\n * CVE-2023-37210 (bmo#1821886)\n Full-screen mode exit prevention\n * CVE-2023-37211 (bmo#1832306, bmo#1834862, bmo#1835886,\n bmo#1836550, bmo#1837450)\n Memory safety bugs fixed in Firefox 115, Firefox ESR 102.13,\n and Thunderbird 102.13\n * CVE-2023-37212 (bmo#1750870, bmo#1825552, bmo#1826206,\n bmo#1827076, bmo#1828690, bmo#1833503, bmo#1835710,\n bmo#1838587)\n Memory safety bugs fixed in Firefox 115\n- Fixed potential SIGILL on older CPUs (bsc#1212101)\n\n* Fixed: Various security fixes and other quality\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-2849,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-2849,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-2849,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-2849",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2849-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:2849-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232849-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:2849-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-July/015502.html"
},
{
"category": "self",
"summary": "SUSE Bug 1212101",
"url": "https://bugzilla.suse.com/1212101"
},
{
"category": "self",
"summary": "SUSE Bug 1212438",
"url": "https://bugzilla.suse.com/1212438"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3482 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37201 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37201/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37202 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37202/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37203 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37203/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37204 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37205 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37205/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37206 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37206/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37207 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37208 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37209 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37209/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37210 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37210/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37211 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37211/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-37212 page",
"url": "https://www.suse.com/security/cve/CVE-2023-37212/"
}
],
"title": "Security update for MozillaFirefox, MozillaFirefox-branding-SLE",
"tracking": {
"current_release_date": "2023-07-17T07:49:44Z",
"generator": {
"date": "2023-07-17T07:49:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:2849-1",
"initial_release_date": "2023-07-17T07:49:44Z",
"revision_history": [
{
"date": "2023-07-17T07:49:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-115.0-150000.150.91.1.aarch64",
"product": {
"name": "MozillaFirefox-115.0-150000.150.91.1.aarch64",
"product_id": "MozillaFirefox-115.0-150000.150.91.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"product_id": "MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"product_id": "MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"product_id": "MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.i586",
"product": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.i586",
"product_id": "MozillaFirefox-branding-SLE-115-150000.4.25.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-115.0-150000.150.91.1.i686",
"product": {
"name": "MozillaFirefox-115.0-150000.150.91.1.i686",
"product_id": "MozillaFirefox-115.0-150000.150.91.1.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.i686",
"product": {
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.i686",
"product_id": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.i686",
"product": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.i686",
"product_id": "MozillaFirefox-translations-common-115.0-150000.150.91.1.i686"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.i686",
"product": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.i686",
"product_id": "MozillaFirefox-translations-other-115.0-150000.150.91.1.i686"
}
}
],
"category": "architecture",
"name": "i686"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"product": {
"name": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"product_id": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"product": {
"name": "MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"product_id": "MozillaFirefox-115.0-150000.150.91.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"product_id": "MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-115.0-150000.150.91.1.s390x",
"product": {
"name": "MozillaFirefox-115.0-150000.150.91.1.s390x",
"product_id": "MozillaFirefox-115.0-150000.150.91.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"product": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"product_id": "MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"product_id": "MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"product_id": "MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-115.0-150000.150.91.1.x86_64",
"product": {
"name": "MozillaFirefox-115.0-150000.150.91.1.x86_64",
"product_id": "MozillaFirefox-115.0-150000.150.91.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"product_id": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-115.0-150000.150.91.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"product_id": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"product_id": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-115.0-150000.150.91.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64"
},
"product_reference": "MozillaFirefox-115.0-150000.150.91.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64"
},
"product_reference": "MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch"
},
"product_reference": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-115.0-150000.150.91.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64"
},
"product_reference": "MozillaFirefox-115.0-150000.150.91.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-115.0-150000.150.91.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le"
},
"product_reference": "MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-115.0-150000.150.91.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x"
},
"product_reference": "MozillaFirefox-115.0-150000.150.91.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64"
},
"product_reference": "MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le"
},
"product_reference": "MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x"
},
"product_reference": "MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch"
},
"product_reference": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-115.0-150000.150.91.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le"
},
"product_reference": "MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le"
},
"product_reference": "MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch"
},
"product_reference": "MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-3482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3482"
}
],
"notes": [
{
"category": "general",
"text": "When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of \u0027about:blank\u0027. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox \u003c 115.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3482",
"url": "https://www.suse.com/security/cve/CVE-2023-3482"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-3482",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-3482"
},
{
"cve": "CVE-2023-37201",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37201"
}
],
"notes": [
{
"category": "general",
"text": "An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37201",
"url": "https://www.suse.com/security/cve/CVE-2023-37201"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37201",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37201"
},
{
"cve": "CVE-2023-37202",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37202"
}
],
"notes": [
{
"category": "general",
"text": "Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37202",
"url": "https://www.suse.com/security/cve/CVE-2023-37202"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37202",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37202"
},
{
"cve": "CVE-2023-37203",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37203"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox \u003c 115.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37203",
"url": "https://www.suse.com/security/cve/CVE-2023-37203"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37203",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37203"
},
{
"cve": "CVE-2023-37204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37204"
}
],
"notes": [
{
"category": "general",
"text": "A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 115.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37204",
"url": "https://www.suse.com/security/cve/CVE-2023-37204"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37204",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37204"
},
{
"cve": "CVE-2023-37205",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37205"
}
],
"notes": [
{
"category": "general",
"text": "The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. This vulnerability affects Firefox \u003c 115.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37205",
"url": "https://www.suse.com/security/cve/CVE-2023-37205"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37205",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37205"
},
{
"cve": "CVE-2023-37206",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37206"
}
],
"notes": [
{
"category": "general",
"text": "Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. This vulnerability affects Firefox \u003c 115.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37206",
"url": "https://www.suse.com/security/cve/CVE-2023-37206"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37206",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37206"
},
{
"cve": "CVE-2023-37207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37207"
}
],
"notes": [
{
"category": "general",
"text": "A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37207",
"url": "https://www.suse.com/security/cve/CVE-2023-37207"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37207",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37207"
},
{
"cve": "CVE-2023-37208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37208"
}
],
"notes": [
{
"category": "general",
"text": "When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37208",
"url": "https://www.suse.com/security/cve/CVE-2023-37208"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37208",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37208"
},
{
"cve": "CVE-2023-37209",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37209"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free condition existed in `NotifyOnHistoryReload` where a `LoadingSessionHistoryEntry` object was freed and a reference to that object remained. This resulted in a potentially exploitable condition when the reference to that object was later reused. This vulnerability affects Firefox \u003c 115.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37209",
"url": "https://www.suse.com/security/cve/CVE-2023-37209"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37209",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37209"
},
{
"cve": "CVE-2023-37210",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37210"
}
],
"notes": [
{
"category": "general",
"text": "A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox \u003c 115.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37210",
"url": "https://www.suse.com/security/cve/CVE-2023-37210"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37210",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37210"
},
{
"cve": "CVE-2023-37211",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37211"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 115, Firefox ESR \u003c 102.13, and Thunderbird \u003c 102.13.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37211",
"url": "https://www.suse.com/security/cve/CVE-2023-37211"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37211",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37211"
},
{
"cve": "CVE-2023-37212",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-37212"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 114. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 115.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-37212",
"url": "https://www.suse.com/security/cve/CVE-2023-37212"
},
{
"category": "external",
"summary": "SUSE Bug 1212438 for CVE-2023-37212",
"url": "https://bugzilla.suse.com/1212438"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-branding-SLE-115-150000.4.25.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.0-150000.150.91.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.0-150000.150.91.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.0-150000.150.91.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-07-17T07:49:44Z",
"details": "important"
}
],
"title": "CVE-2023-37212"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.