Bug 920507 (CVE-2023-6135, CVE-2023-6865, CVE-2023-6866, CVE-2023-6867, CVE-2023-6868, CVE-2023-6869, CVE-2023-6870, CVE-2023-6871, CVE-2023-6872, CVE-2023-6873) - <www-client/firefox{-bin,}-{115.6.0,121.0}: multiple vulnerabilities
Summary: <www-client/firefox{-bin,}-{115.6.0,121.0}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2023-6135, CVE-2023-6865, CVE-2023-6866, CVE-2023-6867, CVE-2023-6868, CVE-2023-6869, CVE-2023-6870, CVE-2023-6871, CVE-2023-6872, CVE-2023-6873
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal major
Assignee: Gentoo Security
Whiteboard: A2 [glsa+]
Depends on: 920519
Blocks: CVE-2023-6856, CVE-2023-6857, CVE-2023-6858, CVE-2023-6859, CVE-2023-6860, CVE-2023-6861, CVE-2023-6862, CVE-2023-6863, CVE-2023-6864
Reported: 2023-12-22 00:45 UTC by John Helmert III
Modified: 2024-01-07 09:41 UTC
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-12-22 00:45:21 UTC
CVE-2023-6135 (https://bugzilla.mozilla.org/show_bug.cgi?id=1853908):

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an attacker to recover the private key. This vulnerability affects Firefox < 121.

CVE-2023-6865 (https://bugzilla.mozilla.org/show_bug.cgi?id=1864123):

`EncryptingOutputStream` was susceptible to exposing uninitialized data.  This issue could only be abused in order to write data to a local disk which may have implications for private browsing mode. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

CVE-2023-6866 (https://bugzilla.mozilla.org/show_bug.cgi?id=1849037):

TypedArrays can be fallible and lacked proper exception handling. This could lead to abuse in other APIs which expect TypedArrays to always succeed. This vulnerability affects Firefox < 121.

CVE-2023-6867 (https://bugzilla.mozilla.org/show_bug.cgi?id=1863863):

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant button would be about to appear. This vulnerability affects Firefox ESR < 115.6 and Firefox < 121.

CVE-2023-6868 (https://bugzilla.mozilla.org/show_bug.cgi?id=1865488):

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties.
*This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121.

CVE-2023-6869 (https://bugzilla.mozilla.org/show_bug.cgi?id=1799036):

A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. This could allow untrusted content to display under the guise of trusted content. This vulnerability affects Firefox < 121.

CVE-2023-6870 (https://bugzilla.mozilla.org/show_bug.cgi?id=1823316):

Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. 
*This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121.

CVE-2023-6871 (https://bugzilla.mozilla.org/show_bug.cgi?id=1828334):

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox < 121.

CVE-2023-6872 (https://bugzilla.mozilla.org/show_bug.cgi?id=1849186):

Browser tab titles were being leaked by GNOME to system logs. This could potentially expose the browsing habits of users running in a private tab. This vulnerability affects Firefox < 121.

CVE-2023-6873 (https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855327%2C1862089%2C1862723):

Memory safety bugs present in Firefox 120. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 121.

Advisories are:

https://www.mozilla.org/en-US/security/advisories/mfsa2023-55/
https://www.mozilla.org/en-US/security/advisories/mfsa2023-56/

Please stabilize when ready, thanks!
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2024-01-03 06:56:39 UTC
Please cleanup, thanks!
Comment 2 Joonas Niilola gentoo-dev 2024-01-06 09:37:02 UTC
Should be clean, along with bug 918433 and bug 914073
Comment 3 Larry the Git Cow gentoo-dev 2024-01-07 09:39:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=22d7e8b6c0209c137d7f713d8d1e090906f7cf58

commit 22d7e8b6c0209c137d7f713d8d1e090906f7cf58
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-01-07 09:38:31 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-01-07 09:39:06 +0000

    [ GLSA 202401-10 ] Mozilla Firefox: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/908245
    Bug: https://bugs.gentoo.org/914073
    Bug: https://bugs.gentoo.org/918433
    Bug: https://bugs.gentoo.org/920507
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202401-10.xml | 134 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 134 insertions(+)