{"id":"SUSE-SU-2023:4532-1","summary":"Security update for MozillaFirefox","details":"This update for MozillaFirefox fixes the following issues:\n\n- Firefox Extended Support Release 115.5.0 ESR Placeholder changelog-entry (bsc#1217230)\n\n  * Fixed: Various security fixes and other quality improvements. MFSA 2023-46 (bsc#1216338)\n  * CVE-2023-5721: Queued up rendering could have allowed websites to clickjack\n  * CVE-2023-5732: Address bar spoofing via bidirectional characters\n  * CVE-2023-5724: Large WebGL draw could have led to a crash\n  * CVE-2023-5725: WebExtensions could open arbitrary URLs\n  * CVE-2023-5726: Full screen notification obscured by file open dialog on macOS\n  * CVE-2023-5727: Download Protections were bypassed by .msix, .msixbundle, .appx, and .appxbundle files on Windows\n  * CVE-2023-5728: Improper object tracking during GC in the JavaScript engine could have led to a crash.\n  * CVE-2023-5730: Memory safety bugs fixed in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4.1\n","modified":"2026-02-04T04:31:40.606606Z","published":"2023-11-22T18:20:09Z","related":["CVE-2023-5721","CVE-2023-5724","CVE-2023-5725","CVE-2023-5726","CVE-2023-5727","CVE-2023-5728","CVE-2023-5730","CVE-2023-5732"],"upstream":["CVE-2023-5721","CVE-2023-5724","CVE-2023-5725","CVE-2023-5726","CVE-2023-5727","CVE-2023-5728","CVE-2023-5730","CVE-2023-5732"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20234532-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1216338"},{"type":"REPORT","url":"https://bugzilla.suse.com/1217230"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5721"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5724"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5725"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5726"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5727"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5728"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5730"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-5732"}],"affected":[{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP5","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.5.0-112.191.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox-devel":"115.5.0-112.191.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4532-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server 12 SP5","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.5.0-112.191.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"115.5.0-112.191.1","MozillaFirefox-devel":"115.5.0-112.191.1","MozillaFirefox-translations-common":"115.5.0-112.191.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4532-1.json"}},{"package":{"name":"MozillaFirefox","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 12 SP5","purl":"pkg:rpm/suse/MozillaFirefox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"115.5.0-112.191.1"}]}],"ecosystem_specific":{"binaries":[{"MozillaFirefox":"115.5.0-112.191.1","MozillaFirefox-devel":"115.5.0-112.191.1","MozillaFirefox-translations-common":"115.5.0-112.191.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2023:4532-1.json"}}],"schema_version":"1.7.3"}