{"schema_version":"1.7.2","id":"OESA-2023-1685","modified":"2023-09-28T11:06:01Z","published":"2023-09-28T11:06:01Z","upstream":["CVE-2023-1999"],"summary":"firefox security update","details":"Mozilla Firefox is a standalone web browser, designed for standards compliance and performance.  Its functionality can be enhanced via a plethora of extensions.\r\n\r\nSecurity Fix(es):\r\n\r\nThere exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. \n(CVE-2023-1999)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP1","name":"firefox","purl":"pkg:rpm/openEuler/firefox\u0026distro=openEuler-22.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"102.14.0-1.oe2203sp1"}]}],"ecosystem_specific":{"aarch64":["firefox-debuginfo-102.14.0-1.oe2203sp1.aarch64.rpm","firefox-102.14.0-1.oe2203sp1.aarch64.rpm","firefox-debugsource-102.14.0-1.oe2203sp1.aarch64.rpm"],"src":["firefox-102.14.0-1.oe2203sp1.src.rpm"],"x86_64":["firefox-debuginfo-102.14.0-1.oe2203sp1.x86_64.rpm","firefox-debugsource-102.14.0-1.oe2203sp1.x86_64.rpm","firefox-102.14.0-1.oe2203sp1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1685"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1999"}],"database_specific":{"severity":"High"}}