Overview
Request 1134098 accepted
- Mozilla Firefox ESR 115.6.0
https://www.mozilla.org/security/advisories/mfsa2023-54/
MFSA 2023-54 (bsc#1217974)
* CVE-2023-6856 (bmo#1843782)
Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
* CVE-2023-6865 (bmo#1864123)
Potential exposure of uninitialized data in
EncryptingOutputStream
* CVE-2023-6857 (bmo#1796023)
Symlinks may resolve to smaller than expected buffers
* CVE-2023-6858 (bmo#1826791)
Heap buffer overflow in nsTextFragment
* CVE-2023-6859 (bmo#1840144)
Use-after-free in PR_GetIdentitiesLayer
* CVE-2023-6860 (bmo#1854669)
Potential sandbox escape due to VideoBridge lack of texture
validation
* CVE-2023-6867 (bmo#1863863)
Clickjacking permission prompts using the popup transition
* CVE-2023-6861 (bmo#1864118)
Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode
* CVE-2023-6862 (bmo#1868042)
Use-after-free in nsDNSService
* CVE-2023-6863 (bmo#1868901)
Undefined behavior in ShutdownObserver()
* CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328,
bmo#1856090, bmo#1858033, bmo#1858509, bmo#1862089,
bmo#1862777, bmo#1864015)
Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
and Thunderbird 115.6
Request History
manfred-h created request
- Mozilla Firefox ESR 115.6.0
https://www.mozilla.org/security/advisories/mfsa2023-54/
MFSA 2023-54 (bsc#1217974)
* CVE-2023-6856 (bmo#1843782)
Heap-buffer-overflow affecting WebGL DrawElementsInstanced
method with Mesa VM driver
* CVE-2023-6865 (bmo#1864123)
Potential exposure of uninitialized data in
EncryptingOutputStream
* CVE-2023-6857 (bmo#1796023)
Symlinks may resolve to smaller than expected buffers
* CVE-2023-6858 (bmo#1826791)
Heap buffer overflow in nsTextFragment
* CVE-2023-6859 (bmo#1840144)
Use-after-free in PR_GetIdentitiesLayer
* CVE-2023-6860 (bmo#1854669)
Potential sandbox escape due to VideoBridge lack of texture
validation
* CVE-2023-6867 (bmo#1863863)
Clickjacking permission prompts using the popup transition
* CVE-2023-6861 (bmo#1864118)
Heap buffer overflow affected nsWindow::PickerOpen(void) in
headless mode
* CVE-2023-6862 (bmo#1868042)
Use-after-free in nsDNSService
* CVE-2023-6863 (bmo#1868901)
Undefined behavior in ShutdownObserver()
* CVE-2023-6864 (bmo#1736385, bmo#1810805, bmo#1846328,
bmo#1856090, bmo#1858033, bmo#1858509, bmo#1862089,
bmo#1862777, bmo#1864015)
Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6,
and Thunderbird 115.6
wrosenauer accepted request