{"id":"MGASA-2023-0266","summary":"Updated firefox/thunderbird packages fix security vulnerability","details":"Use-after-free in workers. (CVE-2023-3600)\n\nFile Extension Spoofing using the Text Direction Override Character.\n(CVE-2023-3417)\n\nOffscreen Canvas could have bypassed cross-origin restrictions.\n(CVE-2023-4045)\n\nIncorrect value used during WASM compilation. (CVE-2023-4046)\n\nPotential permissions request bypass via clickjacking. (CVE-2023-4047)\n\nCrash in DOMParser due to out-of-memory conditions. (CVE-2023-4048)\n\nFix potential race conditions when releasing platform objects.\n(CVE-2023-4049)\n\nStack buffer overflow in StorageManager. (CVE-2023-4050)\n\nCookie jar overflow caused unexpected cookie jar state. (CVE-2023-4055)\n\nMemory safety bugs fixed in Firefox 116, Firefox ESR 115.1, Firefox ESR\n102.14, Thunderbird 115.1, and Thunderbird 102.14. (CVE-2023-4056)\n\nMemory safety bugs fixed in Firefox 116, Firefox ESR 115.1, and\nThunderbird 115.1. (CVE-2023-4057)\n\nMemory corruption in IPC CanvasTranslator. (CVE-2023-4573)\n\nMemory corruption in IPC ColorPickerShownCallback. (CVE-2023-4574)\n\nMemory corruption in IPC FilePickerShownCallback. (CVE-2023-4575)\n\nInteger Overflow in RecordedSourceSurfaceCreation. (CVE-2023-4576)\n\nMemory corruption in JIT UpdateRegExpStatics. (CVE-2023-4577)\n\nFull screen notification obscured by file open dialog. (CVE-2023-4051)\n\nError reporting methods in SpiderMonkey could have triggered an Out of\nMemory Exception. (CVE-2023-4578)\n\nFull screen notification obscured by external program. (CVE-2023-4053)\n\nPush notifications saved to disk unencrypted. (CVE-2023-4580)\n\nXLL file extensions were downloadable without warnings. (CVE-2023-4581)\n\nBrowsing Context potentially not cleared when closing Private Window.\n(CVE-2023-4583)\n\nMemory safety bugs fixed in Firefox 117, Firefox ESR 102.15, Firefox ESR\n115.2, Thunderbird 102.15, and Thunderbird 115.2. (CVE-2023-4584)\n\nMemory safety bugs fixed in Firefox 117, Firefox ESR 115.2, and\nThunderbird 115.2. (CVE-2023-4585)\n\nHeap buffer overflow in libwebp. (CVE-2023-4863)\n","modified":"2026-04-16T04:41:02.744328295Z","published":"2023-09-24T22:16:18Z","upstream":["CVE-2023-3417","CVE-2023-3600","CVE-2023-4045","CVE-2023-4046","CVE-2023-4047","CVE-2023-4048","CVE-2023-4049","CVE-2023-4050","CVE-2023-4051","CVE-2023-4053","CVE-2023-4055","CVE-2023-4056","CVE-2023-4057","CVE-2023-4573","CVE-2023-4574","CVE-2023-4575","CVE-2023-4576","CVE-2023-4577","CVE-2023-4578","CVE-2023-4580","CVE-2023-4581","CVE-2023-4583","CVE-2023-4584","CVE-2023-4585","CVE-2023-4863"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2023-0266.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=32258"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/115.0.1/releasenotes/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/115.0.2/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-26/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/115.0.3/releasenotes/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/115.1.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-31/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/115.2.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-36/"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/nss_3_93.html"},{"type":"WEB","url":"https://firefox-source-docs.mozilla.org/security/nss/releases/index.html"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.0/releasenotes/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.0.1/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-27/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.1.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-33/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.1.1/releasenotes/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.2.0/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-38/"},{"type":"WEB","url":"https://www.mozilla.org/en-US/firefox/115.2.1/releasenotes/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.2.1/releasenotes/"},{"type":"WEB","url":"https://www.thunderbird.net/en-US/thunderbird/115.2.2/releasenotes/"},{"type":"ADVISORY","url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/"}],"affected":[{"package":{"name":"rootcerts","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20230720.00-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"nss","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.93.0-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.15.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.15.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.15.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.15.1-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"rootcerts","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/rootcerts?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20230720.00-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"nss","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/nss?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.93.0-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"firefox","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.2.1-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"firefox-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/firefox-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.2.1-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"thunderbird","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.2.2-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}},{"package":{"name":"thunderbird-l10n","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/thunderbird-l10n?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.2.2-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2023-0266.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}