libmozjs-115-0-115.4.0-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13412 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libmozjs-115-0-115.4.0-1.1 on GA media These are all security issues fixed in the libmozjs-115-0-115.4.0-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13412 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13412 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-5721/ SUSE CVE CVE-2023-5721 page https://www.suse.com/security/cve/CVE-2023-5724/ SUSE CVE CVE-2023-5724 page https://www.suse.com/security/cve/CVE-2023-5725/ SUSE CVE CVE-2023-5725 page https://www.suse.com/security/cve/CVE-2023-5726/ SUSE CVE CVE-2023-5726 page https://www.suse.com/security/cve/CVE-2023-5727/ SUSE CVE CVE-2023-5727 page https://www.suse.com/security/cve/CVE-2023-5728/ SUSE CVE CVE-2023-5728 page https://www.suse.com/security/cve/CVE-2023-5730/ SUSE CVE CVE-2023-5730 page https://www.suse.com/security/cve/CVE-2023-5732/ SUSE CVE CVE-2023-5732 page openSUSE Tumbleweed libmozjs-115-0-115.4.0-1.1 mozjs115-115.4.0-1.1 mozjs115-devel-115.4.0-1.1 libmozjs-115-0-115.4.0-1.1 as a component of openSUSE Tumbleweed mozjs115-115.4.0-1.1 as a component of openSUSE Tumbleweed mozjs115-devel-115.4.0-1.1 as a component of openSUSE Tumbleweed It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. CVE-2023-5721 openSUSE Tumbleweed:libmozjs-115-0-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-devel-115.4.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5721.html CVE-2023-5721 Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. CVE-2023-5724 openSUSE Tumbleweed:libmozjs-115-0-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-devel-115.4.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5724.html CVE-2023-5724 A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. CVE-2023-5725 openSUSE Tumbleweed:libmozjs-115-0-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-devel-115.4.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5725.html CVE-2023-5725 A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only affected macOS operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. CVE-2023-5726 openSUSE Tumbleweed:libmozjs-115-0-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-devel-115.4.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5726.html CVE-2023-5726 The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. CVE-2023-5727 openSUSE Tumbleweed:libmozjs-115-0-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-devel-115.4.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5727.html CVE-2023-5727 During garbage collection extra operations were performed on a object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. CVE-2023-5728 openSUSE Tumbleweed:libmozjs-115-0-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-devel-115.4.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5728.html CVE-2023-5728 Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 119, Firefox ESR < 115.4, and Thunderbird < 115.4.1. CVE-2023-5730 openSUSE Tumbleweed:libmozjs-115-0-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-devel-115.4.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5730.html CVE-2023-5730 An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR < 115.4, and Thunderbird < 115.4.1. CVE-2023-5732 openSUSE Tumbleweed:libmozjs-115-0-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-115.4.0-1.1 openSUSE Tumbleweed:mozjs115-devel-115.4.0-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-5732.html CVE-2023-5732