Firefox for AIX was withdrawn some time back.
Original Message:
Sent: Thu October 26, 2023 02:57 AM
From: Ranjit Ranjan
Subject: Please help investigate the vulnerability CVE-2023-4863(LibWeb) may be affected to AIX OS Systems if customer use Firefox browser was installed from AIX tools box.
Hi
CVE-2023-4863 is raised against the libwebp package, so any application which is using this package from the AIX Toolbox will be affected.
Now, if Firefox is using this package, then Firefox overall can be exploited. https://www.mozilla.org/en-US/security/advisories/mfsa2023-40/
Could you please check with the customer which version of Mozilla they are using and whether they compiled it themselves?
If the customer is using a very old version of Mozilla, then they might have to re-compile once we publish the libwebp package in the Toolbox.
Thanks
Ranjit
------------------------------
Ranjit Ranjan
Original Message:
Sent: Wed October 25, 2023 10:47 PM
From: CHARIN KUMJUDPAI
Subject: Please help investigate the vulnerability CVE-2023-4863(LibWeb) may be affected to AIX OS Systems if customer use Firefox browser was installed from AIX tools box.
Hello Ranjit,
Due to your update "we are planning this package update in 4Q 2023."
I have checked, and Mozilla Firefox for AIX is not available on the AIX Toolbox.
URL: https://www.ibm.com/support/pages/aix-toolbox-open-source-software-downloads-alpha
Could you please tell me more about the package names of Firefox for AIX which were affected by this CVE?
Then I will contact the customer to run the "instfix" or "rpm -qa" commands to verify whether Firefox is installed on the customer system or not.
And firstly, we would like to make sure the customer servers are required to upgrade before, once this package update in 4Q 2023 is available.
Regards,
Charin Kumjudpai.
------------------------------
CHARIN KUMJUDPAI
Original Message:
Sent: Wed October 25, 2023 07:39 AM
From: Ranjit Ranjan
Subject: Please help investigate the vulnerability CVE-2023-4863(LibWeb) may be affected to AIX OS Systems if customer use Firefox browser was installed from AIX tools box.
Hi
https://community.ibm.com/community/user/power/discussion/cve-2023-4863-on-libwebp
We are planning this package update in 4Q 2023.
Thanks
Ranjit
------------------------------
Ranjit Ranjan
Original Message:
Sent: Wed October 25, 2023 06:17 AM
From: CHARIN KUMJUDPAI
Subject: Please help investigate the vulnerability CVE-2023-4863(LibWeb) may be affected to AIX OS Systems if customer use Firefox browser was installed from AIX tools box.
Problem Description:
The customer's Security team has reported this vulnerability, LibWebP (CVE-2023-4863), and needs the IBM AIX support team to investigate LibWebP for the Firefox browser by creating a ticket (Salesforce case) to support the issue.
IBM local support action taken:
1. By searching in the IBM support system, a case was found with this "Resolution Description":
CVE-2023-4863 affected Chrome and AIX is not affected.
This page reported that the "Affected Products and Versions" were "IBM App Connect Enterprise 12.0.1.0 - 12.0.9.0" only.
In addition, for AIX support regarding this CVE number, it is suggested to get support via the Community channel instead of the Salesforce support process.
IBMBP (KYNDRYL) and the customer would like to get help from IBM support via the community channel with the following questions.
Q1. If the customer installed and uses Firefox from the AIX Toolbox, is it affected or not?
Q2. Is there a way to verify at the AIX level, if the customer installed Firefox from the AIX Toolbox, to make sure that "WebP" or "LibWebP" does not affect the AIX OS?
Regards,
Charin Kumjudpai.
------------------------------
CHARIN KUMJUDPAI
------------------------------
#AIXOpenSource