ALASFIREFOX-2023-014

Amazon Linux 2 Security Advisory: ALASFIREFOX-2023-014
Advisory Release Date: 2023-09-27 22:59 Pacific
Advisory Updated Date: 2023-10-06 00:18 Pacific

Severity: Important

References: CVE-2023-4573 CVE-2023-4574 CVE-2023-4575 CVE-2023-4581 CVE-2023-4584
FAQs regarding Amazon Linux ALAS/CVE Severity

Issue Overview:

Memory corruption in IPC CanvasTranslator (CVE-2023-4573)

Memory corruption in IPC ColorPickerShownCallback (CVE-2023-4574)

Memory corruption in IPC FilePickerShownCallback (CVE-2023-4575)

XLL file extensions were downloadable without warnings. (CVE-2023-4581)

Memory safety bug (CVE-2023-4584)

Affected Packages:

firefox

Note:

This advisory is applicable to Amazon Linux 2 - Firefox Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update firefox to update your system.

New Packages:

aarch64:
    firefox-102.15.0-1.amzn2.0.1.aarch64
    firefox-debuginfo-102.15.0-1.amzn2.0.1.aarch64

src:
    firefox-102.15.0-1.amzn2.0.1.src

x86_64:
    firefox-102.15.0-1.amzn2.0.1.x86_64
    firefox-debuginfo-102.15.0-1.amzn2.0.1.x86_64

Additional References

Red Hat: CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4581, CVE-2023-4584

Mitre: CVE-2023-4573, CVE-2023-4574, CVE-2023-4575, CVE-2023-4581, CVE-2023-4584

Select your cookie preferences

Customize cookie preferences

Essential

Performance

Functional

Advertising

ALASFIREFOX-2023-014

Additional References