{"id":"ALSA-2023:1786","summary":"Important: firefox security update","details":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nThis update upgrades Firefox to version 102.10.0 ESR.\n\nSecurity Fix(es):\n\n* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)\n* Mozilla: Fullscreen notification obscured (CVE-2023-29533)\n* Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)\n* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)\n* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)\n* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)\n* Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)\n* Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)\n* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","modified":"2026-02-04T04:17:34.132700Z","published":"2023-04-14T00:00:00Z","related":["CVE-2023-1945","CVE-2023-29533","CVE-2023-29535","CVE-2023-29536","CVE-2023-29539","CVE-2023-29541","CVE-2023-29548","CVE-2023-29550"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2023:1786"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-1945"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29533"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29535"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29536"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29539"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29541"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29548"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-29550"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186101"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186103"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186104"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186105"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186106"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186109"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186110"},{"type":"REPORT","url":"https://bugzilla.redhat.com/2186111"},{"type":"ADVISORY","url":"https://errata.almalinux.org/9/ALSA-2023-1786.html"}],"affected":[{"package":{"name":"firefox","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/firefox"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.10.0-1.el9_1.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:1786.json"}},{"package":{"name":"firefox-x11","ecosystem":"AlmaLinux:9","purl":"pkg:rpm/almalinux/firefox-x11"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.10.0-1.el9_1.alma"}]}],"database_specific":{"source":"https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2023:1786.json"}}],"schema_version":"1.7.3"}