SUSE update for MozillaFirefox
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 18 |
| CVE-ID | CVE-2023-6204 CVE-2023-6205 CVE-2023-6206 CVE-2023-6207 CVE-2023-6208 CVE-2023-6209 CVE-2023-6212 CVE-2023-6856 CVE-2023-6857 CVE-2023-6858 CVE-2023-6859 CVE-2023-6860 CVE-2023-6861 CVE-2023-6862 CVE-2023-6863 CVE-2023-6864 CVE-2023-6865 CVE-2023-6867 |
| CWE-ID | CWE-787 CWE-416 CWE-450 CWE-200 CWE-20 CWE-119 CWE-122 CWE-124 CWE-254 CWE-758 CWE-457 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
SUSE Linux Enterprise Server 15 SP4 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing LTSS 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing ESPOS 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 SP4 LTSS Operating systems & Components / Operating system Desktop Applications Module Operating systems & Components / Operating system SUSE Linux Enterprise Server for SAP Applications 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 Operating systems & Components / Operating system SUSE Linux Enterprise Real Time 15 Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 Operating systems & Components / Operating system SUSE Linux Enterprise Desktop 15 Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP3 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise Server 15 SP2 LTSS Operating systems & Components / Operating system SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS Operating systems & Components / Operating system openSUSE Leap Operating systems & Components / Operating system SUSE Enterprise Storage Operating systems & Components / Operating system SUSE Manager Retail Branch Server Operating systems & Components / Operating system SUSE Manager Server Operating systems & Components / Operating system SUSE Manager Proxy Operating systems & Components / Operating system MozillaFirefox-branding-upstream Operating systems & Components / Operating system package or component MozillaFirefox-devel Operating systems & Components / Operating system package or component MozillaFirefox-translations-other Operating systems & Components / Operating system package or component MozillaFirefox Operating systems & Components / Operating system package or component MozillaFirefox-debuginfo Operating systems & Components / Operating system package or component MozillaFirefox-debugsource Operating systems & Components / Operating system package or component MozillaFirefox-translations-common Operating systems & Components / Operating system package or component |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 18 vulnerabilities.
1) Out-of-bounds write
EUVDB-ID: #VU83367
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6204
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content in in WebGL2 blitFramebuffer. A remote attacker can trick the victim ti visit a specially crafted website, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU83368
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6205
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the MessagePort::Entangled() method. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Multiple Interpretations of UI Input
EUVDB-ID: #VU83369
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6206
CWE-ID:
CWE-450 - Multiple Interpretations of UI Input
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to the black fade animation when exiting fullscreen is roughly
the length of the anti-clickjacking delay on permission prompts. A remote attacker can perform clickjacking attack and trick the victim into pressing the permissions grant button.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free
EUVDB-ID: #VU83370
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6207
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in the ReadableByteStreamQueueEntry::Buffer() method. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU83371
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6208
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the Selection API copies text by mistake into the primary selection, a temporary storage not unlike the clipboard, when using on X11. A local user can gain access to potentially sensitive information.
Note, the vulnerability affects only Firefox installations on X11.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Input validation error
EUVDB-ID: #VU83372
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6209
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to manipulate data on websites.
The vulnerability exists due to insufficient validation of user-supplied input when parsing relative URLs that start with a triple slash, e.g. "///". A remote attacker can use a path-traversal "/../" part in the path to override the specified host.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU83373
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6212
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can trick the victim ti visit a specially crafted website, trigger a memory corruption and execute arbitrary code on the target system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Heap-based buffer overflow
EUVDB-ID: #VU84557
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6856
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the WebGL DrawElementsInstanced method when used on systems with the Mesa VM driver. A remote attacker can trick the victim to visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Buffer Underwrite ('Buffer Underflow')
EUVDB-ID: #VU84559
Risk: Low
CVSSv3.1: 2.2 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6857
CWE-ID:
CWE-124 - Buffer Underwrite ('Buffer Underflow')
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an error when handling symbolic links. A local user can trigger a race when the browser resolves a symbolic link, where the buffer passed to readlink may actually be smaller than necessary. A local user can gain access to potentially sensitive information.
The vulnerability affects Unix based operating systems only (e.g. Android, Linux, MacOS).
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Heap-based buffer overflow
EUVDB-ID: #VU84560
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6858
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in nsTextFragment when handling out-of-memory situations. A remote attacker can trick the victim to visit a specially crafted website, trigger a heap overflow and crash the browser.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU84561
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6859
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in PR_GetIdentitiesLayer when creating the TLS socket. A remote attacker can trick the victim to visit a specially crafted website and crash the browser.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Security features bypass
EUVDB-ID: #VU84562
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6860
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to VideoBridge lack of texture validation. A remote attacker can trick the victim to open a specially crafted website, escape the sandbox and gain access to sensitive information.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Heap-based buffer overflow
EUVDB-ID: #VU84564
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6861
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the nsWindow::PickerOpen(void) method when the browser is running in headless mode. A remote attacker can trick the victim to visit a specially crafted website, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free
EUVDB-ID: #VU84565
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6862
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to crash the browser.
The vulnerability exists due to a use-after-free error in nsDNSService::Init during browser startup. A remote attacker with control over the DNS server can cause the browser to crash.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Reliance on undefined behavior
EUVDB-ID: #VU84566
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6863
CWE-ID:
CWE-758 - Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to reliance on undefined behavior in ShutdownObserver(). A remote attacker can crash the browser.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Buffer overflow
EUVDB-ID: #VU84567
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6864
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Use of Uninitialized Variable
EUVDB-ID: #VU84558
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6865
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to access to uninitialized data in EncryptingOutputStream. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption and write data to a local disk, which may have implications for private browsing mode.
Update the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Multiple Interpretations of UI Input
EUVDB-ID: #VU84563
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-6867
CWE-ID:
CWE-450 - Multiple Interpretations of UI Input
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform clickjacking attack.
The vulnerability exists due to a timing issue when the user clicks on a button. The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. A remote attacker can perform clickjacking attack.
MitigationUpdate the affected package MozillaFirefox to the latest version.
Vulnerable software versionsSUSE Linux Enterprise Server 15 SP4 LTSS: 15-SP4
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3 - SP4
SUSE Linux Enterprise High Performance Computing ESPOS 15: SP3 - SP4
SUSE Linux Enterprise Desktop 15 SP4 LTSS: 15-SP4
Desktop Applications Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP5
SUSE Linux Enterprise Server 15: SP2 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Manager Proxy: 4.3
MozillaFirefox-branding-upstream: before 115.6.0-150200.152.120.1
MozillaFirefox-devel: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-other: before 115.6.0-150200.152.120.1
MozillaFirefox: before 115.6.0-150200.152.120.1
MozillaFirefox-debuginfo: before 115.6.0-150200.152.120.1
MozillaFirefox-debugsource: before 115.6.0-150200.152.120.1
MozillaFirefox-translations-common: before 115.6.0-150200.152.120.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234928-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
