MozillaFirefox (SUSE:Linux Enterprise Real Time 15 SP4) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Real Time 15 SP4 package MozillaFirefox, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (18)
CVE-2023-6859 — CVSS 8.8 (high): A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR < 115.6…
CVE-2023-6207 — CVSS 8.8 (high): Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and…
CVE-2023-6861 — CVSS 8.8 (high): The `nsWindow::PickerOpen(void)` method was susceptible to a heap buffer overflow when running in headless mode. This vulnerability affects…
CVE-2023-6862 — CVSS 8.8 (high): A use-after-free was identified in the `nsDNSService::Init`. This issue appears to manifest rarely during start-up. This vulnerability…
CVE-2023-6208 — CVSS 8.8 (high): When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage…
CVE-2023-6864 — CVSS 8.8 (high): Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory…
CVE-2023-6212 — CVSS 8.8 (high): Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Some of these bugs showed evidence of memory…
CVE-2023-6856 — CVSS 8.8 (high): The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue…
CVE-2023-6863 — CVSS 8.8 (high): The `ShutdownObserver()` was susceptible to potentially undefined behavior due to its reliance on a dynamic type that lacked a virtual…
CVE-2023-6858 — CVSS 8.8 (high): Firefox was susceptible to a heap buffer overflow in `nsTextFragment` due to insufficient OOM handling. This vulnerability affects Firefox…
CVE-2023-6204 — CVSS 6.5 (medium): On some systems—depending on the graphics settings and drivers—it was possible to force an out-of-bounds read and leak memory data into…
CVE-2023-6205 — CVSS 6.5 (medium): It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable…
CVE-2023-6209 — CVSS 6.5 (medium): Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override…
CVE-2023-6860 — CVSS 6.5 (medium): The `VideoBridge` allowed any content process to use textures produced by remote decoders. This could be abused to escape the sandbox. This…
CVE-2023-6865 — CVSS 6.5 (medium): `EncryptingOutputStream` was susceptible to exposing uninitialized data. This issue could only be abused in order to write data to a local…
CVE-2023-6867 — CVSS 6.1 (medium): The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission…
CVE-2023-6206 — CVSS 5.4 (medium): The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was…
CVE-2023-6857 — CVSS 5.3 (medium): When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only…