VYPR

rpm package

almalinux/firefox-x11

pkg:rpm/almalinux/firefox-x11

Vulnerabilities (445)

  • CVE-2023-29550Jun 2, 2023
    affected < 102.10.0-1.el9_1.almafixed 102.10.0-1.el9_1.alma

    Memory safety bugs present in Firefox 111 and Firefox ESR 102.9. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 112, Focus for Andro

  • CVE-2023-29548Jun 2, 2023
    affected < 102.10.0-1.el9_1.almafixed 102.10.0-1.el9_1.alma

    A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox for Android < 112, and Thunderbird < 102.10.

  • CVE-2023-29541Jun 2, 2023
    affected < 102.10.0-1.el9_1.almafixed 102.10.0-1.el9_1.alma

    Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. *This bug only affects Firefox for Linux on certain Distributions. Other operating systems are unaffected, and Mozilla is unable t

  • CVE-2023-29539Jun 2, 2023
    affected < 102.10.0-1.el9_1.almafixed 102.10.0-1.el9_1.alma

    When handling the filename directive in the Content-Disposition header, the filename would be truncated if the filename contained a NULL character. This could have led to reflected file download attacks potentially tricking users to install malware. This vulnerability affects Fir

  • CVE-2023-29536Jun 2, 2023
    affected < 102.10.0-1.el9_1.almafixed 102.10.0-1.el9_1.alma

    An attacker could cause the memory manager to incorrectly free a pointer that addresses attacker-controlled memory, resulting in an assertion, memory corruption, or a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 1

  • CVE-2023-29535Jun 2, 2023
    affected < 102.10.0-1.el9_1.almafixed 102.10.0-1.el9_1.alma

    Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 112, Focus for Android < 112, Firefox ESR < 102.10, Firefox f

  • CVE-2023-29533Jun 2, 2023
    affected < 102.10.0-1.el9_1.almafixed 102.10.0-1.el9_1.alma

    A website could have obscured the fullscreen notification by using a combination of window.open, fullscreen requests, window.name assignments, and setInterval calls. This could have led to user confusion and possible spoofing attacks. This v

  • CVE-2023-28176Jun 2, 2023
    affected < 102.9.0-3.el9_1.almafixed 102.9.0-3.el9_1.alma

    Memory safety bugs present in Firefox 110 and Firefox ESR 102.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 111, Firefox ESR < 1

  • CVE-2023-28164Jun 2, 2023
    affected < 102.9.0-3.el9_1.almafixed 102.9.0-3.el9_1.alma

    Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

  • CVE-2023-28162Jun 2, 2023
    affected < 102.9.0-3.el9_1.almafixed 102.9.0-3.el9_1.alma

    While implementing AudioWorklets, some code may have casted one type to another, invalid, dynamic type. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

  • CVE-2023-25752Jun 2, 2023
    affected < 102.9.0-3.el9_1.almafixed 102.9.0-3.el9_1.alma

    When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. This may have lead future code to be incorrect and vulnerable. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

  • CVE-2023-25751Jun 2, 2023
    affected < 102.9.0-3.el9_1.almafixed 102.9.0-3.el9_1.alma

    Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. This could lead to a potentially exploitable crash. This vulnerability affects Firefox < 111, Firefox ESR < 102.9, and Thunderbird < 102.9.

  • CVE-2023-25746Jun 2, 2023
    affected < 102.8.0-2.el9_1.almafixed 102.8.0-2.el9_1.alma

    Memory safety bugs present in Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 102.8 and Firefox ESR < 102.8.

  • CVE-2023-25744Jun 2, 2023
    affected < 102.8.0-2.el9_1.almafixed 102.8.0-2.el9_1.alma

    Mmemory safety bugs present in Firefox 109 and Firefox ESR 102.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 110 and Firefox ESR

  • CVE-2023-25743Jun 2, 2023
    affected < 102.8.0-2.el9_1.almafixed 102.8.0-2.el9_1.alma

    A lack of in app notification for entering fullscreen mode could have lead to a malicious website spoofing browser chrome.*This bug only affects Firefox Focus. Other versions of Firefox are unaffected.*. This vulnerability affects Firefox < 110 and Firefox ESR < 102.8.

  • CVE-2023-25742Jun 2, 2023
    affected < 102.8.0-2.el9_1.almafixed 102.8.0-2.el9_1.alma

    When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

  • CVE-2023-25739Jun 2, 2023
    affected < 102.8.0-2.el9_1.almafixed 102.8.0-2.el9_1.alma

    Module load requests that failed were not being checked as to whether or not they were cancelled causing a use-after-free in ScriptLoadContext. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

  • CVE-2023-25737Jun 2, 2023
    affected < 102.8.0-2.el9_1.almafixed 102.8.0-2.el9_1.alma

    An invalid downcast from nsTextNode to SVGElement could have lead to undefined behavior. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

  • CVE-2023-25735Jun 2, 2023
    affected < 102.8.0-2.el9_1.almafixed 102.8.0-2.el9_1.alma

    Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free after unwrapping the proxy. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 1

  • CVE-2023-25732Jun 2, 2023
    affected < 102.8.0-2.el9_1.almafixed 102.8.0-2.el9_1.alma

    When encoding data from an inputStream in xpcom the size of the input being encoded was not correctly calculated potentially leading to an out of bounds memory write. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8.

Page 22 of 23