Synopsis: Important: firefox security update Advisory ID: SLSA-2023:5477-1 Issue Date: 2023-10-05 CVE Numbers: CVE-2023-3600 CVE-2023-5169 CVE-2023-5171 CVE-2023-5176 CVE-2023-5217 -- This update upgrades Firefox to version 115.3.1 ESR. Security Fix(es): * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE -- SL7 x86_64 firefox-115.3.1-1.el7_9.x86_64.rpm firefox-debuginfo-115.3.1-1.el7_9.x86_64.rpm firefox-115.3.1-1.el7_9.i686.rpm firefox-debuginfo-115.3.1-1.el7_9.i686.rpm - Scientific Linux Development Team