USN-6404-2: Firefox regressions

Read Time:50 Second

USN-6404-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2023-5169,
CVE-2023-5170, CVE-2023-5171, CVE-2023-5172, CVE-2023-5175, CVE-2023-5176)

Ronald Crane discovered that Firefox did not properly manage memory when
non-HTTPS Alternate Services (network.http.altsvc.oe) is enabled. An
attacker could potentially exploit this issue to cause a denial of service.
(CVE-2023-5173)

Clément Lecigne discovered that Firefox did not properly manage memory when
handling VP8 media stream. An attacker-controlled VP8 media stream could
lead to a heap buffer overflow in the content process, resulting in a
denial of service, or possibly execute arbitrary code. (CVE-2023-5217)

Funding Expires for Key Cyber Vulnerability Database

RansomHouse ransomware: what you need to know

Slopsquatting

The AI Fix #46: AI can read minds now, and is your co-host a clone?

North Korean Hackers Exploit LinkedIn to Infect Crypto Developers with Infostealers

Compliance Now Biggest Cyber Challenge for UK Financial Services

Bot Traffic Overtakes Human Activity as Threat Actors Turn to AI

Organizations Found to Address Only 21% of GenAI-Related Vulnerabilities

LabHost Phishing Mastermind Sentenced to 8.5 Years

mingw-poppler-24.08.0-4.fc42

mingw-poppler-24.02.0-5.fc40

mingw-poppler-24.02.0-5.fc41

USN-7439-1: QuickJS vulnerabilities

USN-7438-1: 7-Zip vulnerabilities

mingw-libsoup-2.74.3-10.fc41