USN-6010-1 fixed vulnerabilities and USN-6010-2 fixed minor regressions in
Firefox. The update introduced several minor regressions. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-29537,
CVE-2023-29540, CVE-2023-29543, CVE-2023-29544, CVE-2023-29547,
CVE-2023-29548, CVE-2023-29549, CVE-2023-29550, CVE-2023-29551)
Irvan Kurniawan discovered that Firefox did not properly manage fullscreen
notifications using a combination of window.open, fullscreen requests,
window.name assignments, and setInterval calls. An attacker could
potentially exploit this issue to perform spoofing attacks. (CVE-2023-29533)
Lukas Bernhard discovered that Firefox did not properly manage memory
when doing Garbage Collector compaction. An attacker could potentially
exploits this issue to cause a denial of service. (CVE-2023-29535)
Zx from qriousec discovered that Firefox did not properly validate the
address to free a pointer provided to the memory manager. An attacker could
potentially exploits this issue to cause a denial of service.
(CVE-2023-29536)
Alexis aka zoracon discovered that Firefox did not properly validate the
URI received by the WebExtension during a load request. An attacker could
potentially exploits this to obtain sensitive information. (CVE-2023-29538)
Trung Pham discovered that Firefox did not properly validate the filename
directive in the Content-Disposition header. An attacker could possibly
exploit this to perform reflected file download attacks potentially
tricking users to install malware. (CVE-2023-29539)
Ameen Basha M K discovered that Firefox did not properly validate downloads
of files ending in .desktop. An attacker could potentially exploits this
issue to execute arbitrary code. (CVE-2023-29541)
More Stories
chromium-125.0.6422.60-1.fc38
FEDORA-2024-3a548f46a8 Packages in this update: chromium-125.0.6422.60-1.fc38 Update description: update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High...
chromium-125.0.6422.60-1.fc40
FEDORA-2024-c01c1f5f82 Packages in this update: chromium-125.0.6422.60-1.fc40 Update description: update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High...
chromium-125.0.6422.60-1.fc39
FEDORA-2024-382a7dba53 Packages in this update: chromium-125.0.6422.60-1.fc39 Update description: update to 125.0.6422.60 * High CVE-2024-4947: Type Confusion in V8 * High...
dotnet7.0-7.0.119-1.fc38
FEDORA-2024-bdd75e525c Packages in this update: dotnet7.0-7.0.119-1.fc38 Update description: This is the May 2024 security update for .NET 7. This is...
dotnet7.0-7.0.119-1.fc39
FEDORA-2024-3136a71490 Packages in this update: dotnet7.0-7.0.119-1.fc39 Update description: This is the May 2024 security update for .NET 7. This is...
thunderbird-115.11.0-1.fc39
FEDORA-2024-5d7c339890 Packages in this update: thunderbird-115.11.0-1.fc39 Update description: Update to 115.11.0 https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/ https://www.thunderbird.net/en-US/thunderbird/115.11.0/releasenotes/ Read More