Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2023-6868 (GCVE-0-2023-6868)
Vulnerability from cvelistv5 – Published: 2023-12-19 13:38 – Updated: 2025-02-13 17:26
VLAI?
EPSS
Summary
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
*This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
Severity ?
No CVSS data available.
CWE
- WebPush requests on Firefox for Android did not require VAPID key
Assigner
References
Credits
John-Mark Gurney
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:07.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865488"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-10"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Firefox",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "121",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "John-Mark Gurney"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\u003cbr\u003e*This bug only affects Firefox on Android.* This vulnerability affects Firefox \u003c 121."
}
],
"value": "In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\n*This bug only affects Firefox on Android.* This vulnerability affects Firefox \u003c 121."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "WebPush requests on Firefox for Android did not require VAPID key",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-07T11:06:51.488Z",
"orgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"shortName": "mozilla"
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865488"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
},
{
"url": "https://security.gentoo.org/glsa/202401-10"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "f16b083a-5664-49f3-a51e-8d479e5ed7fe",
"assignerShortName": "mozilla",
"cveId": "CVE-2023-6868",
"datePublished": "2023-12-19T13:38:50.669Z",
"dateReserved": "2023-12-15T17:42:57.290Z",
"dateUpdated": "2025-02-13T17:26:40.464Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"121.0\", \"matchCriteriaId\": \"A3D81D72-5965-4DB7-BFA7-9A32A9108919\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\\n*This bug only affects Firefox on Android.* This vulnerability affects Firefox \u003c 121.\"}, {\"lang\": \"es\", \"value\": \"En algunos casos, el agente de usuario permitir\\u00eda solicitudes de inserci\\u00f3n que carec\\u00edan de un VAPID v\\u00e1lido aunque la suscripci\\u00f3n del administrador de inserci\\u00f3n definiera uno. Esto podr\\u00eda permitir que se env\\u00eden mensajes vac\\u00edos desde partes no autorizadas. *Este error solo afecta a Firefox en Android.* Esta vulnerabilidad afecta a Firefox \u0026lt; 121.\"}]",
"id": "CVE-2023-6868",
"lastModified": "2024-11-21T08:44:43.493",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}]}",
"published": "2023-12-19T14:15:07.983",
"references": "[{\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1865488\", \"source\": \"security@mozilla.org\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"source\": \"security@mozilla.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-56/\", \"source\": \"security@mozilla.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://bugzilla.mozilla.org/show_bug.cgi?id=1865488\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Permissions Required\"]}, {\"url\": \"https://security.gentoo.org/glsa/202401-10\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.mozilla.org/security/advisories/mfsa2023-56/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-6868\",\"sourceIdentifier\":\"security@mozilla.org\",\"published\":\"2023-12-19T14:15:07.983\",\"lastModified\":\"2024-11-21T08:44:43.493\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\\n*This bug only affects Firefox on Android.* This vulnerability affects Firefox \u003c 121.\"},{\"lang\":\"es\",\"value\":\"En algunos casos, el agente de usuario permitir\u00eda solicitudes de inserci\u00f3n que carec\u00edan de un VAPID v\u00e1lido aunque la suscripci\u00f3n del administrador de inserci\u00f3n definiera uno. Esto podr\u00eda permitir que se env\u00eden mensajes vac\u00edos desde partes no autorizadas. *Este error solo afecta a Firefox en Android.* Esta vulnerabilidad afecta a Firefox \u0026lt; 121.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"121.0\",\"matchCriteriaId\":\"A3D81D72-5965-4DB7-BFA7-9A32A9108919\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1865488\",\"source\":\"security@mozilla.org\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"security@mozilla.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-56/\",\"source\":\"security@mozilla.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.mozilla.org/show_bug.cgi?id=1865488\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Permissions Required\"]},{\"url\":\"https://security.gentoo.org/glsa/202401-10\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mozilla.org/security/advisories/mfsa2023-56/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
FKIE_CVE-2023-6868
Vulnerability from fkie_nvd - Published: 2023-12-19 14:15 - Updated: 2024-11-21 08:44
Severity ?
Summary
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
*This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.
References
| URL | Tags | ||
|---|---|---|---|
| security@mozilla.org | https://bugzilla.mozilla.org/show_bug.cgi?id=1865488 | Issue Tracking, Permissions Required | |
| security@mozilla.org | https://security.gentoo.org/glsa/202401-10 | Third Party Advisory | |
| security@mozilla.org | https://www.mozilla.org/security/advisories/mfsa2023-56/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.mozilla.org/show_bug.cgi?id=1865488 | Issue Tracking, Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202401-10 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.mozilla.org/security/advisories/mfsa2023-56/ | Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3D81D72-5965-4DB7-BFA7-9A32A9108919",
"versionEndExcluding": "121.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\n*This bug only affects Firefox on Android.* This vulnerability affects Firefox \u003c 121."
},
{
"lang": "es",
"value": "En algunos casos, el agente de usuario permitir\u00eda solicitudes de inserci\u00f3n que carec\u00edan de un VAPID v\u00e1lido aunque la suscripci\u00f3n del administrador de inserci\u00f3n definiera uno. Esto podr\u00eda permitir que se env\u00eden mensajes vac\u00edos desde partes no autorizadas. *Este error solo afecta a Firefox en Android.* Esta vulnerabilidad afecta a Firefox \u0026lt; 121."
}
],
"id": "CVE-2023-6868",
"lastModified": "2024-11-21T08:44:43.493",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-19T14:15:07.983",
"references": [
{
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865488"
},
{
"source": "security@mozilla.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Permissions Required"
],
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56/"
}
],
"sourceIdentifier": "security@mozilla.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CERTFR-2023-AVI-1048
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 121 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 115.6 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.6 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 121",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 115.6",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.6",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6867"
},
{
"name": "CVE-2023-6862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6862"
},
{
"name": "CVE-2023-50762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50762"
},
{
"name": "CVE-2023-6857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6857"
},
{
"name": "CVE-2023-6858",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6858"
},
{
"name": "CVE-2023-6869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6869"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2023-6865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6865"
},
{
"name": "CVE-2023-6868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6868"
},
{
"name": "CVE-2023-6861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6861"
},
{
"name": "CVE-2023-50761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50761"
},
{
"name": "CVE-2023-6870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6870"
},
{
"name": "CVE-2023-6871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6871"
},
{
"name": "CVE-2023-6860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6860"
},
{
"name": "CVE-2023-6864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6864"
},
{
"name": "CVE-2023-6863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6863"
},
{
"name": "CVE-2023-6872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6872"
},
{
"name": "CVE-2023-6859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6859"
},
{
"name": "CVE-2023-6873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6873"
},
{
"name": "CVE-2023-6856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6856"
},
{
"name": "CVE-2023-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6866"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Mozilla\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution\nde code arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-56 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-54 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-55 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/"
}
]
}
CERTFR-2023-AVI-1048
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une atteinte à la confidentialité des données, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Mozilla | Firefox | Firefox versions antérieures à 121 | ||
| Mozilla | Thunderbird | Thunderbird versions antérieures à 115.6 | ||
| Mozilla | Firefox ESR | Firefox ESR versions antérieures à 115.6 |
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Firefox versions ant\u00e9rieures \u00e0 121",
"product": {
"name": "Firefox",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Thunderbird versions ant\u00e9rieures \u00e0 115.6",
"product": {
"name": "Thunderbird",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
},
{
"description": "Firefox ESR versions ant\u00e9rieures \u00e0 115.6",
"product": {
"name": "Firefox ESR",
"vendor": {
"name": "Mozilla",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2023-6867",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6867"
},
{
"name": "CVE-2023-6862",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6862"
},
{
"name": "CVE-2023-50762",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50762"
},
{
"name": "CVE-2023-6857",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6857"
},
{
"name": "CVE-2023-6858",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6858"
},
{
"name": "CVE-2023-6869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6869"
},
{
"name": "CVE-2023-6135",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6135"
},
{
"name": "CVE-2023-6865",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6865"
},
{
"name": "CVE-2023-6868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6868"
},
{
"name": "CVE-2023-6861",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6861"
},
{
"name": "CVE-2023-50761",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50761"
},
{
"name": "CVE-2023-6870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6870"
},
{
"name": "CVE-2023-6871",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6871"
},
{
"name": "CVE-2023-6860",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6860"
},
{
"name": "CVE-2023-6864",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6864"
},
{
"name": "CVE-2023-6863",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6863"
},
{
"name": "CVE-2023-6872",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6872"
},
{
"name": "CVE-2023-6859",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6859"
},
{
"name": "CVE-2023-6873",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6873"
},
{
"name": "CVE-2023-6856",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6856"
},
{
"name": "CVE-2023-6866",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-6866"
}
],
"links": [],
"reference": "CERTFR-2023-AVI-1048",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2023-12-20T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans \u003cspan\nclass=\"textit\"\u003eles produits Mozilla\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par\nl\u0027\u00e9diteur, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution\nde code arbitraire \u00e0 distance et un contournement de la politique de\ns\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Mozilla",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-56 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-54 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-54/"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mozilla mfsa2023-55 du 19 d\u00e9cembre 2023",
"url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/"
}
]
}
GHSA-3XCH-57QJ-5X2P
Vulnerability from github – Published: 2023-12-19 15:30 – Updated: 2023-12-22 12:31
VLAI?
Details
In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. This bug only affects Firefox on Android. This vulnerability affects Firefox < 121.
Severity ?
4.3 (Medium)
{
"affected": [],
"aliases": [
"CVE-2023-6868"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-19T14:15:07Z",
"severity": "MODERATE"
},
"details": "In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\n*This bug only affects Firefox on Android.* This vulnerability affects Firefox \u003c 121.",
"id": "GHSA-3xch-57qj-5x2p",
"modified": "2023-12-22T12:31:46Z",
"published": "2023-12-19T15:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6868"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865488"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202401-10"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2023-56"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
OPENSUSE-SU-2024:13531-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
MozillaFirefox-121.0-1.1 on GA media
Notes
Title of the patch
MozillaFirefox-121.0-1.1 on GA media
Description of the patch
These are all security issues fixed in the MozillaFirefox-121.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13531
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "MozillaFirefox-121.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the MozillaFirefox-121.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13531",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13531-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6135 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6856 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6857 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6858 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6858/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6859 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6859/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6860 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6860/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6861 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6863 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6863/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6864 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6864/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6865 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6866 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6866/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6867 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6867/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6868 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6868/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6869 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6869/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6870 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6870/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6871 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6871/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6872 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6872/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6873 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6873/"
}
],
"title": "MozillaFirefox-121.0-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13531-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-121.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-121.0-1.1.aarch64",
"product_id": "MozillaFirefox-121.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"product_id": "MozillaFirefox-branding-upstream-121.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-121.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-devel-121.0-1.1.aarch64",
"product_id": "MozillaFirefox-devel-121.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-121.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-common-121.0-1.1.aarch64",
"product_id": "MozillaFirefox-translations-common-121.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-121.0-1.1.aarch64",
"product": {
"name": "MozillaFirefox-translations-other-121.0-1.1.aarch64",
"product_id": "MozillaFirefox-translations-other-121.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-121.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-121.0-1.1.ppc64le",
"product_id": "MozillaFirefox-121.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"product_id": "MozillaFirefox-branding-upstream-121.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-121.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-devel-121.0-1.1.ppc64le",
"product_id": "MozillaFirefox-devel-121.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-common-121.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"product": {
"name": "MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"product_id": "MozillaFirefox-translations-other-121.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-121.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-121.0-1.1.s390x",
"product_id": "MozillaFirefox-121.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"product_id": "MozillaFirefox-branding-upstream-121.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-121.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-devel-121.0-1.1.s390x",
"product_id": "MozillaFirefox-devel-121.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-121.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-common-121.0-1.1.s390x",
"product_id": "MozillaFirefox-translations-common-121.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-121.0-1.1.s390x",
"product": {
"name": "MozillaFirefox-translations-other-121.0-1.1.s390x",
"product_id": "MozillaFirefox-translations-other-121.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "MozillaFirefox-121.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-121.0-1.1.x86_64",
"product_id": "MozillaFirefox-121.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"product_id": "MozillaFirefox-branding-upstream-121.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-devel-121.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-devel-121.0-1.1.x86_64",
"product_id": "MozillaFirefox-devel-121.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-common-121.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-common-121.0-1.1.x86_64",
"product_id": "MozillaFirefox-translations-common-121.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "MozillaFirefox-translations-other-121.0-1.1.x86_64",
"product": {
"name": "MozillaFirefox-translations-other-121.0-1.1.x86_64",
"product_id": "MozillaFirefox-translations-other-121.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-121.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-121.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-121.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-121.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-121.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-121.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-121.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-121.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-121.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-121.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-121.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-branding-upstream-121.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-121.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-devel-121.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-121.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-devel-121.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-121.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-devel-121.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-devel-121.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-devel-121.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-121.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-common-121.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-121.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-121.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-common-121.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-common-121.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-common-121.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-121.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64"
},
"product_reference": "MozillaFirefox-translations-other-121.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-121.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le"
},
"product_reference": "MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-121.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x"
},
"product_reference": "MozillaFirefox-translations-other-121.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "MozillaFirefox-translations-other-121.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
},
"product_reference": "MozillaFirefox-translations-other-121.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2023-6135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6135"
}
],
"notes": [
{
"category": "general",
"text": "Multiple NSS NIST curves were susceptible to a side-channel attack known as \"Minerva\". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6135",
"url": "https://www.suse.com/security/cve/CVE-2023-6135"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6135",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6135"
},
{
"cve": "CVE-2023-6856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6856"
}
],
"notes": [
{
"category": "general",
"text": "The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6856",
"url": "https://www.suse.com/security/cve/CVE-2023-6856"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6856",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6856"
},
{
"cve": "CVE-2023-6857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6857"
}
],
"notes": [
{
"category": "general",
"text": "When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. \n*This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6857",
"url": "https://www.suse.com/security/cve/CVE-2023-6857"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6857",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6857"
},
{
"cve": "CVE-2023-6858",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6858"
}
],
"notes": [
{
"category": "general",
"text": "Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6858",
"url": "https://www.suse.com/security/cve/CVE-2023-6858"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6858",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6858"
},
{
"cve": "CVE-2023-6859",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6859"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6859",
"url": "https://www.suse.com/security/cve/CVE-2023-6859"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6859",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6859"
},
{
"cve": "CVE-2023-6860",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6860"
}
],
"notes": [
{
"category": "general",
"text": "The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6860",
"url": "https://www.suse.com/security/cve/CVE-2023-6860"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6860",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6860"
},
{
"cve": "CVE-2023-6861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6861"
}
],
"notes": [
{
"category": "general",
"text": "The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6861",
"url": "https://www.suse.com/security/cve/CVE-2023-6861"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6861",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6861"
},
{
"cve": "CVE-2023-6863",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6863"
}
],
"notes": [
{
"category": "general",
"text": "The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual destructor. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6863",
"url": "https://www.suse.com/security/cve/CVE-2023-6863"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6863",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6863"
},
{
"cve": "CVE-2023-6864",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6864"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR \u003c 115.6, Thunderbird \u003c 115.6, and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6864",
"url": "https://www.suse.com/security/cve/CVE-2023-6864"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6864",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6864"
},
{
"cve": "CVE-2023-6865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6865"
}
],
"notes": [
{
"category": "general",
"text": "`EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR \u003c 115.6 and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6865",
"url": "https://www.suse.com/security/cve/CVE-2023-6865"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6865",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6865"
},
{
"cve": "CVE-2023-6866",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6866"
}
],
"notes": [
{
"category": "general",
"text": "TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6866",
"url": "https://www.suse.com/security/cve/CVE-2023-6866"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6866",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6866"
},
{
"cve": "CVE-2023-6867",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6867"
}
],
"notes": [
{
"category": "general",
"text": "The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR \u003c 115.6 and Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6867",
"url": "https://www.suse.com/security/cve/CVE-2023-6867"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6867",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6867"
},
{
"cve": "CVE-2023-6868",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6868"
}
],
"notes": [
{
"category": "general",
"text": "In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.\n*This bug only affects Firefox on Android.* This vulnerability affects Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6868",
"url": "https://www.suse.com/security/cve/CVE-2023-6868"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6868",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6868"
},
{
"cve": "CVE-2023-6869",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6869"
}
],
"notes": [
{
"category": "general",
"text": "A `\u0026lt;dialog\u003e` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6869",
"url": "https://www.suse.com/security/cve/CVE-2023-6869"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6869",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6869"
},
{
"cve": "CVE-2023-6870",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6870"
}
],
"notes": [
{
"category": "general",
"text": "Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. \n*This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6870",
"url": "https://www.suse.com/security/cve/CVE-2023-6870"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6870",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6870"
},
{
"cve": "CVE-2023-6871",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6871"
}
],
"notes": [
{
"category": "general",
"text": "Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6871",
"url": "https://www.suse.com/security/cve/CVE-2023-6871"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6871",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6871"
},
{
"cve": "CVE-2023-6872",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6872"
}
],
"notes": [
{
"category": "general",
"text": "Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6872",
"url": "https://www.suse.com/security/cve/CVE-2023-6872"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6872",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6872"
},
{
"cve": "CVE-2023-6873",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6873"
}
],
"notes": [
{
"category": "general",
"text": "Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox \u003c 121.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6873",
"url": "https://www.suse.com/security/cve/CVE-2023-6873"
},
{
"category": "external",
"summary": "SUSE Bug 1217974 for CVE-2023-6873",
"url": "https://bugzilla.suse.com/1217974"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-branding-upstream-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-devel-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-common-121.0-1.1.x86_64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.aarch64",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.ppc64le",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.s390x",
"openSUSE Tumbleweed:MozillaFirefox-translations-other-121.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-6873"
}
]
}
OPENSUSE-SU-2024:14572-1
Vulnerability from csaf_opensuse - Published: 2024-12-12 00:00 - Updated: 2024-12-12 00:00Summary
firefox-esr-128.5.1-1.1 on GA media
Notes
Title of the patch
firefox-esr-128.5.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the firefox-esr-128.5.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-14572
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).