{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"High" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"firefox security update", "category":"general", "title":"Synopsis" }, { "text":"An update for firefox is now available for openEuler-22.03-LTS-SP1.", "category":"general", "title":"Summary" }, { "text":"Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions.\n\nSecurity Fix(es):\n\nWhen receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4573)\n\nWhen creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4574)\n\nWhen creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4575)\n\nExcel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4581)\n\nMemory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.(CVE-2023-4584)\n\nHeap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)(CVE-2023-4863)", "category":"general", "title":"Description" }, { "text":"An update for firefox is now available for openEuler-22.03-LTS-SP1.\n\nopenEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"High", "category":"general", "title":"Severity" }, { "text":"firefox", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2023-1711", "category":"self", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1711" }, { "summary":"CVE-2023-4573", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-4573&packageName=firefox" }, { "summary":"CVE-2023-4574", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-4574&packageName=firefox" }, { "summary":"CVE-2023-4575", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-4575&packageName=firefox" }, { "summary":"CVE-2023-4581", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-4581&packageName=firefox" }, { "summary":"CVE-2023-4584", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-4584&packageName=firefox" }, { "summary":"CVE-2023-4863", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail?cveId=CVE-2023-4863&packageName=firefox" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4573" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4574" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4575" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4581" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4584" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2023-4863" }, { "summary":"openEuler-SA-2023-1711 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2023/csaf-openeuler-sa-2023-1711.json" } ], "title":"An update for firefox is now available for openEuler-22.03-LTS-SP1", "tracking":{ "initial_release_date":"2023-10-13T14:24:49+08:00", "revision_history":[ { "date":"2023-10-13T14:24:49+08:00", "summary":"Initial", "number":"1.0.0" }, { "date":"2024-10-31T14:24:49+08:00", "summary":"final", "number":"2.0.0" } ], "generator":{ "date":"2024-10-31T14:24:49+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2024-10-31T14:24:49+08:00", "id":"openEuler-SA-2023-1711", "version":"2.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"openEuler-22.03-LTS-SP1", "name":"openEuler-22.03-LTS-SP1" }, "name":"openEuler-22.03-LTS-SP1", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"firefox-debugsource-102.15.0-2.oe2203sp1.aarch64.rpm", "name":"firefox-debugsource-102.15.0-2.oe2203sp1.aarch64.rpm" }, "name":"firefox-debugsource-102.15.0-2.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"firefox-102.15.0-2.oe2203sp1.aarch64.rpm", "name":"firefox-102.15.0-2.oe2203sp1.aarch64.rpm" }, "name":"firefox-102.15.0-2.oe2203sp1.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64.rpm", "name":"firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64.rpm" }, "name":"firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"firefox-102.15.0-2.oe2203sp1.src.rpm", "name":"firefox-102.15.0-2.oe2203sp1.src.rpm" }, "name":"firefox-102.15.0-2.oe2203sp1.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64.rpm", "name":"firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64.rpm" }, "name":"firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"firefox-debugsource-102.15.0-2.oe2203sp1.x86_64.rpm", "name":"firefox-debugsource-102.15.0-2.oe2203sp1.x86_64.rpm" }, "name":"firefox-debugsource-102.15.0-2.oe2203sp1.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP1" }, "product_id":"firefox-102.15.0-2.oe2203sp1.x86_64.rpm", "name":"firefox-102.15.0-2.oe2203sp1.x86_64.rpm" }, "name":"firefox-102.15.0-2.oe2203sp1.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"firefox-debugsource-102.15.0-2.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "name":"firefox-debugsource-102.15.0-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"firefox-102.15.0-2.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "name":"firefox-102.15.0-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "name":"firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"firefox-102.15.0-2.oe2203sp1.src.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "name":"firefox-102.15.0-2.oe2203sp1.src as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "name":"firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"firefox-debugsource-102.15.0-2.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "name":"firefox-debugsource-102.15.0-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-22.03-LTS-SP1", "product_reference":"firefox-102.15.0-2.oe2203sp1.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64", "name":"firefox-102.15.0-2.oe2203sp1.x86_64 as a component of openEuler-22.03-LTS-SP1" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2023-4573", "notes":[ { "text":"When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1711" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-4573" }, { "cve":"CVE-2023-4574", "notes":[ { "text":"When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1711" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-4574" }, { "cve":"CVE-2023-4575", "notes":[ { "text":"When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1711" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":6.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-4575" }, { "cve":"CVE-2023-4581", "notes":[ { "text":"Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1711" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":4.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2023-4581" }, { "cve":"CVE-2023-4584", "notes":[ { "text":"Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1711" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-4584" }, { "cve":"CVE-2023-4863", "notes":[ { "text":"Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] }, "remediations":[ { "product_ids":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ], "details":"firefox security update", "category":"vendor_fix", "url":"https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1711" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":[ "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.aarch64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.src", "openEuler-22.03-LTS-SP1:firefox-debuginfo-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-debugsource-102.15.0-2.oe2203sp1.x86_64", "openEuler-22.03-LTS-SP1:firefox-102.15.0-2.oe2203sp1.x86_64" ] } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2023-4863" } ] }