Red Hat Security Advisory: firefox security update Advisory ID: SLSA-2023:5477 Issue Date: 2023-10-05 CVE Numbers: CVE-2023-3600 CVE-2023-5169 CVE-2023-5171 CVE-2023-5176 CVE-2023-5217 -- Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.3.1 ESR. Security Fix(es): * firefox: use-after-free in workers (CVE-2023-3600) * Mozilla: Out-of-bounds write in PathOps (CVE-2023-5169) * Mozilla: Use-after-free in Ion Compiler (CVE-2023-5171) * Mozilla: Memory safety bugs fixed in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3 (CVE-2023-5176) * libvpx: Heap buffer overflow in vp8 encoding in libvpx (CVE-2023-5217) --- This content is derived from https://access.redhat.com/errata/RHSA-2023:5477 -- SL7 srpm firefox-0:115.3.1-1.el7_9.src x86_64 firefox-0:115.3.1-1.el7_9.x86_64 i386 firefox-0:115.3.1-1.el7_9.i686 - Scientific Linux Development Team