SB2025032183 - openEuler 22.03 LTS SP4 update for firefox

Published: March 21, 2025

Security Bulletin ID: SB2025032183
Severity: High
Patch available: YES
Number of vulnerabilities: 36
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High: 33%, Medium: 25%, Low: 42%

Description

This security bulletin contains information about 36 security vulnerabilities.


1) Observable discrepancy (CVE-ID: CVE-2023-6135)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a timing side channel in the NSS implementation of several NIST curves, known as "Minerva". A remote attacker who can measure the timing of the affected operations can recover the private key and decrypt data passed between server and client.


2) Use-after-free (CVE-ID: CVE-2023-6207)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the ReadableByteStreamQueueEntry::Buffer() method. A remote attacker can trick the victim into opening a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


3) Information disclosure (CVE-ID: CVE-2023-6208)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists because the Selection API mistakenly copies text into the primary selection, a temporary store similar to the clipboard, when running on X11. A local user who reads the primary selection can gain access to potentially sensitive information.

Note, the vulnerability affects only Firefox installations running on X11.


4) Input validation error (CVE-ID: CVE-2023-6209)

The vulnerability allows a remote attacker to manipulate data on websites.

The vulnerability exists due to insufficient validation of user-supplied input when parsing relative URLs that start with a triple slash, e.g. "///". A remote attacker can use a path-traversal "/../" part in the path to override the specified host.


5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-6210)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists because the application does not properly impose security restrictions. When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable mixed content, such as iframes from insecure http: URLs.


6) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6211)

The vulnerability allows a remote attacker to perform a clickjacking attack.

An attacker who needed the user to load an insecure http: page, and knew that the user had enabled HTTPS-Only Mode, could have tricked the user into clicking to grant an HTTPS-Only exception by getting the user to take part in a clicking game.

7) Memory corruption (CVE-ID: CVE-2023-6212)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the target system.


8) Buffer overflow (CVE-ID: CVE-2023-6213)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Heap-based buffer overflow (CVE-ID: CVE-2023-6856)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the WebGL DrawElementsInstanced method when used on systems with the Mesa VM driver. A remote attacker can trick the victim into visiting a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


10) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2023-6857)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an error when handling symbolic links. A local user can trigger a race while the browser resolves a symbolic link, so that the buffer passed to readlink is smaller than the link target and the result is silently truncated. A local user can exploit this to gain access to potentially sensitive information.

The vulnerability affects Unix-based operating systems only (e.g. Android, Linux, macOS).
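The race in this entry comes down to how readlink(2) reports truncation: it stores at most bufsize bytes, never NUL-terminates, and returns the number of bytes stored, so a caller that sized its buffer from an earlier lstat() cannot tell a complete target from a cut-off one. The following C++ is an added example, not Firefox code: it contrasts the fragile size-from-hint pattern with a grow-until-short loop. fakeLink is a constructed stand-in for readlink(2) that models the link having been replaced with a longer target between the size check and the read; resolveWithHint, resolveComplete and systemReadlink are names chosen for the example.

```cpp
#include <algorithm>
#include <cerrno>
#include <cstring>
#include <functional>
#include <iostream>
#include <string>
#include <vector>
#include <unistd.h>

// Signature of readlink(2): (path, buf, bufsize) -> bytes stored, or -1.
// Taking it as a parameter lets the example run against the constructed
// fake below as well as the real system call.
using ReadlinkFn = std::function<ssize_t(const char*, char*, size_t)>;

// Fragile pattern: size the buffer from an earlier lstat() (or any cached
// length) and trust that readlink() filled it with the whole target.
// readlink() silently truncates, so if the link is swapped for one with a
// longer target between the two calls, `out` is a prefix of the real path.
bool resolveWithHint(const std::string& path, size_t sizeHint,
                     const ReadlinkFn& rl, std::string& out) {
    std::vector<char> buf(sizeHint);
    ssize_t n = rl(path.c_str(), buf.data(), buf.size());
    if (n < 0) return false;
    out.assign(buf.data(), static_cast<size_t>(n));
    return true;
}

// Hardened pattern: keep doubling the buffer until readlink() returns fewer
// bytes than the buffer holds. That is the only reliable signal that the
// target was not truncated, whatever lstat() reported earlier.
bool resolveComplete(const std::string& path, const ReadlinkFn& rl,
                     std::string& out, size_t initial = 64,
                     size_t maxSize = 1 << 20) {
    for (size_t size = initial; size <= maxSize; size *= 2) {
        std::vector<char> buf(size);
        ssize_t n = rl(path.c_str(), buf.data(), buf.size());
        if (n < 0) return false;
        if (static_cast<size_t>(n) < buf.size()) {
            out.assign(buf.data(), static_cast<size_t>(n));
            return true;
        }
        // n == size: the target may be longer than the buffer; retry larger.
    }
    errno = ENAMETOOLONG;  // give up rather than return a truncated path
    return false;
}

// Constructed fake: behaves like readlink(2) for a link whose target is
// `target`. It stands in for the "link replaced with a longer target" half
// of the race so the example runs without touching the filesystem.
ReadlinkFn fakeLink(const std::string& target) {
    return [target](const char*, char* buf, size_t size) -> ssize_t {
        size_t n = std::min(size, target.size());
        std::memcpy(buf, target.data(), n);
        return static_cast<ssize_t>(n);
    };
}

// The real system call, for use on an actual symlink.
ReadlinkFn systemReadlink() {
    return [](const char* p, char* buf, size_t size) -> ssize_t {
        return ::readlink(p, buf, size);
    };
}

int main() {
    // A stale hint of 8 bytes, as if lstat() ran before the link was replaced.
    const std::string target = "/srv/data/very-long-replacement-target";
    std::string out;
    resolveWithHint("/tmp/example-link", 8, fakeLink(target), out);
    std::cout << "with stale hint:  " << out << "\n";   // truncated prefix
    resolveComplete("/tmp/example-link", fakeLink(target), out, 8);
    std::cout << "grow-until-short: " << out << "\n";   // full target
    return 0;
}
```

The check that matters is `n < buf.size()`: a return value equal to the buffer size is ambiguous, and the loop treats it as "possibly truncated" and retries. Capping the growth with maxSize keeps a hostile link from driving allocation without bound.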


11) Heap-based buffer overflow (CVE-ID: CVE-2023-6858)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in nsTextFragment when handling out-of-memory situations. A remote attacker can trick the victim into visiting a specially crafted website, trigger a heap overflow and crash the browser.


12) Heap-based buffer overflow (CVE-ID: CVE-2023-6861)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the nsWindow::PickerOpen(void) method when the browser is running in headless mode. A remote attacker can trick the victim into visiting a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


13) Use-after-free (CVE-ID: CVE-2023-6862)

The vulnerability allows a remote attacker to crash the browser.

The vulnerability exists due to a use-after-free error in nsDNSService::Init during browser startup. A remote attacker with control over the DNS server can cause the browser to crash.



14) Buffer overflow (CVE-ID: CVE-2023-6864)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


15) Use of Uninitialized Variable (CVE-ID: CVE-2023-6865)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to access to uninitialized data in EncryptingOutputStream. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and cause data to be written to the local disk, which may have implications for private browsing mode.


16) Multiple Interpretations of UI Input (CVE-ID: CVE-2023-6867)

The vulnerability allows a remote attacker to perform a clickjacking attack.

The vulnerability exists due to a timing issue when the user clicks on a button. The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. A remote attacker can perform clickjacking attack.


17) Insufficient UI Warning of Dangerous Operations (CVE-ID: CVE-2023-6871)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to a missing protocol handler warning when navigating to a new protocol handler. A remote attacker can perform a spoofing attack.


18) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-6872)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists because browser tab titles are leaked by GNOME to the system logs. A local user can read the log files and gain access to sensitive data.


19) Buffer overflow (CVE-ID: CVE-2023-6873)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


20) Out-of-bounds write (CVE-ID: CVE-2024-0741)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a boundary error in ANGLE when processing untrusted input. A remote attacker can trick the victim into opening a specially crafted website, trigger an out-of-bounds write and execute arbitrary code on the target system.


21) Security features bypass (CVE-ID: CVE-2024-0742)

The vulnerability allows a remote attacker to perform a clickjacking attack.

The vulnerability exists due to a failure to update the user input timestamp for certain browser prompts and dialogs. A remote attacker can perform a clickjacking attack and trick the victim into granting unintended permissions to a malicious website.


22) Untrusted Pointer Dereference (CVE-ID: CVE-2024-0744)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an untrusted pointer dereference in JIT-compiled code. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the system.


23) Security features bypass (CVE-ID: CVE-2024-0747)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in the way the Content Security Policy handles unsafe-inline directive. When a parent page loaded a child in an iframe with unsafe-inline, the parent Content Security Policy could have overridden the child Content Security Policy.


24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-0749)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists because the application does not properly impose security restrictions. A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar.


25) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2024-0751)

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions. A malicious devtools extension could have been used to escalate privileges.


26) Security features bypass (CVE-ID: CVE-2024-0753)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when handling HSTS on a subdomain. In specific HSTS configurations an attacker could have bypassed HSTS.


27) Buffer overflow (CVE-ID: CVE-2024-0755)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


28) Security features bypass (CVE-ID: CVE-2024-5692)

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error when parsing file names using the Save As functionality on Windows 10. A remote attacker can trick the victim into saving the file with a disallowed extension such as .url by including an invalid character in the extension.

Note, the vulnerability affects only Windows installations of Firefox.


29) Use-after-free (CVE-ID: CVE-2024-5694)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error in the JavaScript engine. A remote attacker can trick the victim into visiting a specially crafted website and read memory in the JavaScript string section of the heap.


30) Reachable assertion (CVE-ID: CVE-2024-5695)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion. A remote attacker can trick the victim to visit a specially crafted website, trigger an out-of-memory condition and crash the browser.


31) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2024-5698)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error when processing a data-list. By manipulating the fullscreen feature while opening a data-list, an attacker could have overlaid a text box over the address bar. This could have led to user confusion and possible spoofing attacks.


32) Input validation error (CVE-ID: CVE-2024-5699)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the way Firefox handles cookie prefixes. Cookie prefixes such as __Secure were being ignored if they were not correctly capitalized - by spec they should be checked with a case-insensitive comparison. This could have resulted in the browser not correctly honoring the behaviors specified by the prefix.
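The spec rule this entry refers to is the cookie-prefix section of RFC 6265bis: the `__Secure-` and `__Host-` prefixes are matched ASCII case-insensitively, and a prefixed cookie that does not satisfy the attribute requirements must be rejected. The following C++ is an added example, not Firefox code, that applies those requirements to one Set-Cookie value. A switch selects either the correct case-insensitive prefix match or the case-sensitive comparison the advisory describes; the latter lets a cookie named `__secure-session` without the Secure attribute through as if it carried no prefix at all. checkPrefixRules, parseSetCookie and the sample header values are constructed for the example.

```cpp
#include <cctype>
#include <iostream>
#include <sstream>
#include <string>

// Outcome of applying the cookie-prefix rules to one Set-Cookie header value.
struct CookieCheck {
    bool accepted;       // true if a conforming user agent would store the cookie
    std::string reason;  // why it was rejected; empty when accepted
};

// What the check needs from a Set-Cookie line: the name plus the attributes
// the prefix rules care about. Everything else is ignored here.
struct ParsedCookie {
    std::string name;
    bool secure = false;
    bool hasDomain = false;
    std::string path;
};

static std::string trim(const std::string& s) {
    size_t b = s.find_first_not_of(" \t");
    if (b == std::string::npos) return "";
    size_t e = s.find_last_not_of(" \t");
    return s.substr(b, e - b + 1);
}

static std::string asciiLower(std::string s) {
    for (char& ch : s) ch = static_cast<char>(std::tolower(static_cast<unsigned char>(ch)));
    return s;
}

// Minimal Set-Cookie parser: "name=value; Attr; Attr=val". Attribute names are
// case-insensitive per RFC 6265, so they are lower-cased before comparison.
static ParsedCookie parseSetCookie(const std::string& header) {
    ParsedCookie c;
    std::istringstream ss(header);
    std::string part;
    bool first = true;
    while (std::getline(ss, part, ';')) {
        part = trim(part);
        size_t eq = part.find('=');
        std::string key = eq == std::string::npos ? part : part.substr(0, eq);
        std::string val = eq == std::string::npos ? "" : trim(part.substr(eq + 1));
        if (first) {            // first segment is the cookie-pair itself
            first = false;
            c.name = trim(key);
            continue;
        }
        std::string attr = asciiLower(trim(key));
        if (attr == "secure") c.secure = true;
        else if (attr == "domain") c.hasDomain = !val.empty();
        else if (attr == "path") c.path = val;
    }
    return c;
}

// Does `name` carry `prefix`? caseInsensitive=true is the spec comparison;
// false reproduces the case-sensitive match the advisory describes, under
// which "__secure-" or "__HOST-" names are treated as unprefixed.
static bool hasPrefix(const std::string& name, const std::string& prefix, bool caseInsensitive) {
    if (name.size() < prefix.size()) return false;
    std::string head = name.substr(0, prefix.size());
    return caseInsensitive ? asciiLower(head) == asciiLower(prefix) : head == prefix;
}

// Applies the __Secure- / __Host- requirements from RFC 6265bis.
// secureOrigin: whether the response arrived over a secure scheme (https:).
CookieCheck checkPrefixRules(const std::string& header, bool secureOrigin, bool caseInsensitive) {
    ParsedCookie c = parseSetCookie(header);
    bool hostPrefix = hasPrefix(c.name, "__Host-", caseInsensitive);
    bool securePrefix = hasPrefix(c.name, "__Secure-", caseInsensitive);
    if (hostPrefix || securePrefix) {
        if (!c.secure) return {false, "prefixed cookie lacks the Secure attribute"};
        if (!secureOrigin) return {false, "prefixed cookie set from an insecure origin"};
    }
    if (hostPrefix) {
        if (c.hasDomain) return {false, "__Host- cookie must not carry a Domain attribute"};
        if (c.path != "/") return {false, "__Host- cookie must have Path=/"};
    }
    return {true, ""};
}

int main() {
    // Constructed sample headers; the second and third only differ from the
    // spec-correct form in prefix capitalisation.
    const char* samples[] = {
        "__Secure-session=abc; Secure",
        "__secure-session=abc",
        "__HOST-sid=1; Secure; Domain=example.com; Path=/",
    };
    for (const char* s : samples) {
        CookieCheck spec = checkPrefixRules(s, true, true);
        CookieCheck loose = checkPrefixRules(s, true, false);
        std::cout << s << "\n  case-insensitive: "
                  << (spec.accepted ? std::string("accept") : "reject: " + spec.reason)
                  << "\n  case-sensitive:   "
                  << (loose.accepted ? std::string("accept") : "reject: " + loose.reason) << "\n";
    }
    return 0;
}
```

The practical consequence of the case-sensitive variant is that a cookie named `__secure-session` set without Secure is stored as an ordinary cookie, and any server-side code that trusts the prefix as a guarantee of the Secure attribute is misled; the corrected check rejects it.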


33) Buffer overflow (CVE-ID: CVE-2024-5700)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


34) Buffer overflow (CVE-ID: CVE-2024-5701)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


35) Use-after-free (CVE-ID: CVE-2024-5702)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in the networking stack. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code on the system.


36) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2024-8386)

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to an error when displaying the SelectElements popup if a site had been granted permission to open popup windows. A remote attacker can perform a spoofing attack.


Remediation

Install the update from the vendor's website.