Risk | High |
Patch available | YES |
Number of vulnerabilities | 14 |
CVE-ID | CVE-2023-0767 CVE-2023-25728 CVE-2023-25729 CVE-2023-25730 CVE-2023-25732 CVE-2023-25734 CVE-2023-25735 CVE-2023-25737 CVE-2023-25738 CVE-2023-25739 CVE-2023-25742 CVE-2023-25743 CVE-2023-25744 CVE-2023-25746 |
CWE-ID | CWE-787 CWE-200 CWE-357 CWE-451 CWE-254 CWE-416 CWE-704 CWE-125 CWE-20 CWE-119 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
SUSE Linux Enterprise Server for SAP Operating systems & Components / Operating system SUSE Linux Enterprise Server Operating systems & Components / Operating system SUSE Linux Enterprise Realtime Extension Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system SUSE Linux Enterprise Module for Desktop Applications Operating systems & Components / Operating system SUSE Linux Enterprise Desktop Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications Operating systems & Components / Operating system MozillaFirefox-translations-other Operating systems & Components / Operating system package or component MozillaFirefox-translations-common Operating systems & Components / Operating system package or component MozillaFirefox-devel Operating systems & Components / Operating system package or component MozillaFirefox-debugsource Operating systems & Components / Operating system package or component MozillaFirefox-debuginfo Operating systems & Components / Operating system package or component MozillaFirefox-branding-upstream Operating systems & Components / Operating system package or component MozillaFirefox Operating systems & Components / Operating system package or component |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
EUVDB-ID: #VU72250
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-0767
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing PKCS 12 Safe Bag attributes. A remote attacker can create a specially crafted PKCS 12 cert bundle, trick the victim into loading it, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72248
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25728
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the Content-Security-Policy-Report-Only header can leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. A remote attacker can gain access to potentially sensitive information.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72255
Risk: Medium
CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25729
CWE-ID:
CWE-357 - Insufficient UI Warning of Dangerous Operations
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to missing permissions prompts for opening external schemes were only shown for ContentPrincipals. A malicious extension can open external schemes without user interaction via ExpandedPrincipals and perform other potentially dangerous actions, such as downloading files or interacting with software already installed on the system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72249
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25730
CWE-ID:
CWE-451 - User Interface (UI) Misrepresentation of Critical Information (Clickjacking, spoofing)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to the possibility of screen hijacking. A background script invoking requestFullscreen and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or spoofing attacks.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72256
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25732
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error within EncodeInputStream when encoding data from an inputStream in xpcom. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72257
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25734
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error when handling Windows .url shortcuts that are opened by the browser from the local filesystem. A remote attacker can trick the victim into launching a specially crafted shortcut that then initiates network requests from the operating system to the malicious server. A remote attacker can obtain potentially sensitive information including NTLM credentials.
Note, the vulnerability affects Windows installations only.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72251
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25735
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in SpiderMonkey when in the way cross-compartment wrappers wrapping a scripted proxy. A remote attacker can execute arbitrary code on the target system.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72252
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25737
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to an invalid downcast from nsTextNode to SVGElement in SVGUtils::SetupStrokeGeometry(). A remote attacker can trigger type conversion error and potentially execute arbitrary code.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72253
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25738
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a missing validation of members of the DEVMODEW struct set by the printer device driver while printing web page in Windows. A remote attacker can trick the victim to print a specially crafted web page and crash the browser.
Note, the vulnerability affects Windows installations only.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72254
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25739
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in mozilla::dom::ScriptLoadContext::~ScriptLoadContext(). Module load requests that failed were not being checked as to whether or not they were cancelled in ScriptLoadContext. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72263
Risk: Low
CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25742
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Web Crypto ImportKey when importing SPKI RSA public key as ECDSA P-256. A remote attacker can trick the victim to import the public key and crash the browser tab.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72267
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25743
CWE-ID:
CWE-357 - Insufficient UI Warning of Dangerous Operations
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to notification is not displayed when the browser is entering the fullscreen mode. A remote attacker can trick the victim to visit a malicious website and perform spoofing attack.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72264
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25744
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU72266
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-25746
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server for SAP: 15-SP2 - 15-SP3
SUSE Linux Enterprise Server: 15-SP2-LTSS - 15-SP4
SUSE Linux Enterprise Realtime Extension: 15-SP3
SUSE Linux Enterprise High Performance Computing: 15-SP2-LTSS - 15-SP4
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
SUSE Linux Enterprise Module for Desktop Applications: 15-SP4
SUSE Linux Enterprise Desktop: 15-SP4
openSUSE Leap: 15.4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
MozillaFirefox-translations-other: before 102.8.0-150200.152.78.1
MozillaFirefox-translations-common: before 102.8.0-150200.152.78.1
MozillaFirefox-devel: before 102.8.0-150200.152.78.1
MozillaFirefox-debugsource: before 102.8.0-150200.152.78.1
MozillaFirefox-debuginfo: before 102.8.0-150200.152.78.1
MozillaFirefox-branding-upstream: before 102.8.0-150200.152.78.1
MozillaFirefox: before 102.8.0-150200.152.78.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20230461-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.