<div class="container">
<h1>Security update for MozillaFirefox</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:4912-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>important</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1217230">bsc#1217230</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1217974">bsc#1217974</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6204.html">CVE-2023-6204</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6205.html">CVE-2023-6205</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6206.html">CVE-2023-6206</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6207.html">CVE-2023-6207</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6208.html">CVE-2023-6208</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6209.html">CVE-2023-6209</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6212.html">CVE-2023-6212</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6856.html">CVE-2023-6856</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6857.html">CVE-2023-6857</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6858.html">CVE-2023-6858</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6859.html">CVE-2023-6859</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6860.html">CVE-2023-6860</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6861.html">CVE-2023-6861</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6862.html">CVE-2023-6862</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6863.html">CVE-2023-6863</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6864.html">CVE-2023-6864</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6865.html">CVE-2023-6865</a>
</li>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-6867.html">CVE-2023-6867</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6204</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6205</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6206</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">5.4</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6207</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6208</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6209</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.5</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-6212</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">8.8</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Software Development Kit 12 SP5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves 18 vulnerabilities can now be installed.</p>
<h2>Description:</h2>
<p>This update for MozillaFirefox fixes the following issues:</p>
<ul>
<li>Firefox Extended Support Release 115.6.0 ESR changelog-entry (bsc#1217974)</li>
<li>CVE-2023-6856: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver (bmo#1843782).</li>
<li>CVE-2023-6857: Symlinks may resolve to smaller than expected buffers (bmo#1796023).</li>
<li>CVE-2023-6858: Heap buffer overflow in nsTextFragment (bmo#1826791).</li>
<li>CVE-2023-6859: Use-after-free in PR_GetIdentitiesLayer (bmo#1840144).</li>
<li>CVE-2023-6860: Potential sandbox escape due to VideoBridge lack of texture validation (bmo#1854669).</li>
<li>CVE-2023-6861: Heap buffer overflow affecting nsWindow::PickerOpen(void) in headless mode (bmo#1864118).</li>
<li>CVE-2023-6862: Use-after-free in nsDNSService (bsc#1868042).</li>
<li>CVE-2023-6863: Undefined behavior in ShutdownObserver() (bmo#1868901).</li>
<li>CVE-2023-6864: Memory safety bugs fixed in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6.</li>
<li>CVE-2023-6865: Potential exposure of uninitialized data in EncryptingOutputStream (bmo#1864123).</li>
<li>CVE-2023-6867: Clickjacking permission prompts using the popup transition (bmo#1863863).</li>
<li>Fixed: Various security fixes and other quality improvements MFSA 2023-50 (bsc#1217230)</li>
<li>CVE-2023-6204: Out-of-bound memory access in WebGL2 blitFramebuffer (bmo#1841050).</li>
<li>CVE-2023-6205: Use-after-free in MessagePort::Entangled (bmo#1854076).</li>
<li>CVE-2023-6206: Clickjacking permission prompts using the fullscreen transition (bmo#1857430).</li>
<li>CVE-2023-6207: Use-after-free in ReadableByteStreamQueueEntry::Buffer (bmo#1861344).</li>
<li>CVE-2023-6208: Using Selection API would copy contents into X11 primary selection (bmo#1855345).</li>
<li>CVE-2023-6209: Incorrect parsing of relative URLs starting with "///" (bmo#1858570).</li>
<li>CVE-2023-6212: Memory safety bugs fixed in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5 (bmo#1658432, bmo#1820983, bmo#1829252, bmo#1856072, bmo#1856091, bmo#1859030, bmo#1860943, bmo#1862782).</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update, use a SUSE-recommended
installation method such as YaST online_update or "zypper patch".<br/>
Alternatively, you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Software Development Kit 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4912=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise High Performance Computing 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4912=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4912=1</code>
</li>
<li class="list-group-item">
SUSE Linux Enterprise Server for SAP Applications 12 SP5
<br/>
<code>zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4912=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>MozillaFirefox-debuginfo-115.6.0-112.194.1</li>
<li>MozillaFirefox-debugsource-115.6.0-112.194.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Software Development Kit 12 SP5 (noarch)
<ul>
<li>MozillaFirefox-devel-115.6.0-112.194.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
<ul>
<li>MozillaFirefox-debuginfo-115.6.0-112.194.1</li>
<li>MozillaFirefox-translations-common-115.6.0-112.194.1</li>
<li>MozillaFirefox-115.6.0-112.194.1</li>
<li>MozillaFirefox-debugsource-115.6.0-112.194.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch)
<ul>
<li>MozillaFirefox-devel-115.6.0-112.194.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
<ul>
<li>MozillaFirefox-debuginfo-115.6.0-112.194.1</li>
<li>MozillaFirefox-translations-common-115.6.0-112.194.1</li>
<li>MozillaFirefox-115.6.0-112.194.1</li>
<li>MozillaFirefox-debugsource-115.6.0-112.194.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server 12 SP5 (noarch)
<ul>
<li>MozillaFirefox-devel-115.6.0-112.194.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
<ul>
<li>MozillaFirefox-debuginfo-115.6.0-112.194.1</li>
<li>MozillaFirefox-translations-common-115.6.0-112.194.1</li>
<li>MozillaFirefox-115.6.0-112.194.1</li>
<li>MozillaFirefox-debugsource-115.6.0-112.194.1</li>
</ul>
</li>
<li>
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
<ul>
<li>MozillaFirefox-devel-115.6.0-112.194.1</li>
</ul>
</li>
</ul>
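<p>A post-patch check, added here as an example and not part of the SUSE advisory: it flags hosts whose MozillaFirefox build is still below the fixed 115.6.0-112.194.1 from the package list above. The host names and older builds in the sample inventory are constructed, the function names are hypothetical, and GNU <code>sort -V</code> stands in for rpm's own version comparison.</p>

```shell
#!/bin/sh
# Fixed build taken from this advisory's Package List.
FIXED="115.6.0-112.194.1"

# ver_ge A B: succeed when version-release A is at least B.
# Assumption: GNU `sort -V` ordering matches rpm's for the purely numeric,
# dotted version-release strings MozillaFirefox uses on SLE 12 SP5.
ver_ge() {
    if [ "$1" = "$2" ]; then return 0; fi
    newest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
    [ "$newest" = "$1" ]
}

# classify VERSION-RELEASE: print "patched" or "vulnerable".
classify() {
    if ver_ge "$1" "$FIXED"; then echo patched; else echo vulnerable; fi
}

# audit: read "host version-release" lines on stdin and print every host
# that still runs a build older than the fixed one.
audit() {
    while read -r host vr; do
        if [ -z "$host" ]; then continue; fi
        if [ "$(classify "$vr")" = vulnerable ]; then echo "$host"; fi
    done
    return 0
}

# Constructed sample inventory. On a real host the second column comes from:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' MozillaFirefox
sample_inventory() {
    cat <<'EOF'
web01 115.5.0-112.191.1
db02 115.6.0-112.194.1
hpc-login 102.15.1-112.180.1
sap-app 115.7.0-112.197.1
EOF
}

# Lists the hosts that still need the update from this advisory.
sample_inventory | audit
```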
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6204.html">https://www.suse.com/security/cve/CVE-2023-6204.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6205.html">https://www.suse.com/security/cve/CVE-2023-6205.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6206.html">https://www.suse.com/security/cve/CVE-2023-6206.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6207.html">https://www.suse.com/security/cve/CVE-2023-6207.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6208.html">https://www.suse.com/security/cve/CVE-2023-6208.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6209.html">https://www.suse.com/security/cve/CVE-2023-6209.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6212.html">https://www.suse.com/security/cve/CVE-2023-6212.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6856.html">https://www.suse.com/security/cve/CVE-2023-6856.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6857.html">https://www.suse.com/security/cve/CVE-2023-6857.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6858.html">https://www.suse.com/security/cve/CVE-2023-6858.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6859.html">https://www.suse.com/security/cve/CVE-2023-6859.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6860.html">https://www.suse.com/security/cve/CVE-2023-6860.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6861.html">https://www.suse.com/security/cve/CVE-2023-6861.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6862.html">https://www.suse.com/security/cve/CVE-2023-6862.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6863.html">https://www.suse.com/security/cve/CVE-2023-6863.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6864.html">https://www.suse.com/security/cve/CVE-2023-6864.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6865.html">https://www.suse.com/security/cve/CVE-2023-6865.html</a>
</li>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-6867.html">https://www.suse.com/security/cve/CVE-2023-6867.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1217230">https://bugzilla.suse.com/show_bug.cgi?id=1217230</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1217974">https://bugzilla.suse.com/show_bug.cgi?id=1217974</a>
</li>
</ul>
</div>