Security update for MozillaFirefox SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:3941-1 Final 1 1 2023-10-03T15:00:59Z current 2023-10-03T15:00:59Z 2023-10-03T15:00:59Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for MozillaFirefox This update for MozillaFirefox fixes the following issues: Mozilla Firefox ESR 115.3.1 ESR was released to fix a security issue: - MFSA 2023-44 (bsc#1215814) * CVE-2023-5217: Fixed a heap buffer overflow in libvpx The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP1-SAP-Azure-LI-BYOS-Production-2023-3941,Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production-2023-3941,SUSE-2023-3941,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3941,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3941,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3941 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20233941-1/ Link for SUSE-SU-2023:3941-1 https://lists.suse.com/pipermail/sle-security-updates/2023-October/016484.html E-Mail link for SUSE-SU-2023:3941-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1215814 SUSE Bug 1215814 https://www.suse.com/security/cve/CVE-2023-5217/ SUSE CVE CVE-2023-5217 page Image SLES15-SP1-SAP-Azure-LI-BYOS-Production Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP1 MozillaFirefox-115.3.1-150000.150.110.1 MozillaFirefox-branding-upstream-115.3.1-150000.150.110.1 MozillaFirefox-devel-115.3.1-150000.150.110.1 MozillaFirefox-translations-common-115.3.1-150000.150.110.1 MozillaFirefox-translations-other-115.3.1-150000.150.110.1 MozillaFirefox-115.3.1-150000.150.110.1 as a component of Image SLES15-SP1-SAP-Azure-LI-BYOS-Production MozillaFirefox-115.3.1-150000.150.110.1 as a component of Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production MozillaFirefox-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS MozillaFirefox-devel-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS MozillaFirefox-translations-common-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS MozillaFirefox-translations-other-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS MozillaFirefox-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-devel-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-translations-common-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-translations-other-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS MozillaFirefox-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 MozillaFirefox-devel-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 MozillaFirefox-translations-common-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 MozillaFirefox-translations-other-115.3.1-150000.150.110.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CVE-2023-5217 Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:MozillaFirefox-115.3.1-150000.150.110.1 Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:MozillaFirefox-115.3.1-150000.150.110.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-115.3.1-150000.150.110.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-devel-115.3.1-150000.150.110.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-common-115.3.1-150000.150.110.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:MozillaFirefox-translations-other-115.3.1-150000.150.110.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-115.3.1-150000.150.110.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-devel-115.3.1-150000.150.110.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-common-115.3.1-150000.150.110.1 SUSE Linux Enterprise Server 15 SP1-LTSS:MozillaFirefox-translations-other-115.3.1-150000.150.110.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-115.3.1-150000.150.110.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-devel-115.3.1-150000.150.110.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-common-115.3.1-150000.150.110.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:MozillaFirefox-translations-other-115.3.1-150000.150.110.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20233941-1/ https://www.suse.com/security/cve/CVE-2023-5217.html CVE-2023-5217 https://bugzilla.suse.com/1215776 SUSE Bug 1215776 https://bugzilla.suse.com/1215778 SUSE Bug 1215778 https://bugzilla.suse.com/1215814 SUSE Bug 1215814 https://bugzilla.suse.com/1217559 SUSE Bug 1217559