ALT-BU-2023-3839-1
Branch c9f2 update bulletin.
Closed vulnerabilities
BDU:2021-03611
Уязвимость библиотека для упрощение переноса проектов Libbsd, связанная с чтением за допустимыми границами буфера данных, позволяющая нарушителю получить доступ к конфиденциальным данным, а также вызвать отказ в обслуживании
Modified: 2024-11-21
CVE-2019-20367
nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a comparison for a symbol name from the string table (strtab).
- openSUSE-SU-2020:0679
- openSUSE-SU-2020:0679
- https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
- https://gitlab.freedesktop.org/libbsd/libbsd/commit/9d917aad37778a9f4a96ba358415f077f3f36f3b
- [tomee-dev] 20210401 Re: CVE-2019-20367 - TomEE not affected
- [tomee-dev] 20210401 Re: CVE-2019-20367 - TomEE not affected
- [tomee-dev] 20210401 CVE-2019-20367 - TomEE not affected
- [tomee-dev] 20210401 CVE-2019-20367 - TomEE not affected
- [debian-lts-announce] 20210218 [SECURITY] [DLA 2566-1] libbsd security update
- [debian-lts-announce] 20210218 [SECURITY] [DLA 2566-1] libbsd security update
- https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
- https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
- USN-4243-1
- USN-4243-1
Package thunderbird updated to version 102.11.0-alt0.c9.1 for branch c9f2 in task 322486.
Closed vulnerabilities
BDU:2023-02803
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2023-02804
Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку
BDU:2023-02805
Уязвимость функции FileReader::DoReadData() браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код в целевой системе
BDU:2023-02806
Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками смешения типов данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-02809
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку
BDU:2023-02810
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, существующая из-за некорректной работы обработчиков ms-cxh и ms-cxh-ful, позволяющая нарушителю вызвать аварийное завершение работы приложения
BDU:2023-02813
Уязвимость драйвера RLBox Expat браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать аварийное завершение работы приложения
BDU:2023-02814
Уязвимость браузеров Firefox и Firefox ESR, существующая из-за отсутствия задержки всплывающих уведомлений, позволяющая нарушителю получить несанкционированный доступ к определенным функциям браузера
Modified: 2024-11-21
CVE-2023-32205
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753339
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753341
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753339
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753341
Modified: 2024-11-21
CVE-2023-32206
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1824892
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1824892
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Modified: 2025-01-31
CVE-2023-32207
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826116
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826116
- GLSA-202312-03
- GLSA-202312-03
- GLSA-202401-10
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
Modified: 2024-11-21
CVE-2023-32211
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1823379
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1823379
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Modified: 2024-11-21
CVE-2023-32212
An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826622
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826622
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Modified: 2024-11-21
CVE-2023-32213
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826666
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826666
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Modified: 2024-11-21
CVE-2023-32214
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1828716
- https://security.gentoo.org/glsa/202312-03
- https://security.gentoo.org/glsa/202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1828716
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://security.gentoo.org/glsa/202401-10
- https://security.gentoo.org/glsa/202312-03
Modified: 2024-11-21
CVE-2023-32215
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Package firefox-esr updated to version 102.11.0-alt0.c9.1 for branch c9f2 in task 322487.
Closed vulnerabilities
BDU:2023-02803
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
BDU:2023-02804
Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку
BDU:2023-02805
Уязвимость функции FileReader::DoReadData() браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, позволяющая нарушителю выполнить произвольный код в целевой системе
BDU:2023-02806
Уязвимость браузеров Firefox и Firefox ESR, связанная с ошибками смешения типов данных, позволяющая нарушителю вызвать отказ в обслуживании
BDU:2023-02809
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, связанная с ошибками представления информации пользовательским интерфейсом, позволяющая нарушителю выполнить спуфинговую атаку
BDU:2023-02810
Уязвимость браузеров Firefox и Firefox ESR и почтового клиента Thunderbird, существующая из-за некорректной работы обработчиков ms-cxh и ms-cxh-ful, позволяющая нарушителю вызвать аварийное завершение работы приложения
BDU:2023-02813
Уязвимость драйвера RLBox Expat браузеров Firefox и Firefox ESR, позволяющая нарушителю вызвать аварийное завершение работы приложения
BDU:2023-02814
Уязвимость браузеров Firefox и Firefox ESR, существующая из-за отсутствия задержки всплывающих уведомлений, позволяющая нарушителю получить несанкционированный доступ к определенным функциям браузера
Modified: 2024-11-21
CVE-2023-32205
In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofing attacks. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753339
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753341
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753339
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
- https://bugzilla.mozilla.org/show_bug.cgi?id=1753341
Modified: 2024-11-21
CVE-2023-32206
An out-of-bound read could have led to a crash in the RLBox Expat driver. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1824892
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1824892
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Modified: 2025-01-31
CVE-2023-32207
A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826116
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826116
- GLSA-202312-03
- GLSA-202312-03
- GLSA-202401-10
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
Modified: 2024-11-21
CVE-2023-32211
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1823379
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1823379
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Modified: 2024-11-21
CVE-2023-32212
An attacker could have positioned a datalist element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826622
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826622
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Modified: 2024-11-21
CVE-2023-32213
When reading a file, an uninitialized value could have been used as read limit. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826666
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1826666
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03
Modified: 2024-11-21
CVE-2023-32214
Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. *Note: This attack only affects Windows. Other operating systems are not affected.* This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/show_bug.cgi?id=1828716
- https://security.gentoo.org/glsa/202312-03
- https://security.gentoo.org/glsa/202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/show_bug.cgi?id=1828716
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://security.gentoo.org/glsa/202401-10
- https://security.gentoo.org/glsa/202312-03
Modified: 2024-11-21
CVE-2023-32215
Memory safety bugs present in Firefox 112 and Firefox ESR 102.10. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186
- GLSA-202312-03
- GLSA-202401-10
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://bugzilla.mozilla.org/buglist.cgi?bug_id=1540883%2C1751943%2C1814856%2C1820210%2C1821480%2C1827019%2C1827024%2C1827144%2C1827359%2C1830186
- https://www.mozilla.org/security/advisories/mfsa2023-18/
- https://www.mozilla.org/security/advisories/mfsa2023-17/
- https://www.mozilla.org/security/advisories/mfsa2023-16/
- GLSA-202401-10
- GLSA-202312-03