Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: MozillaFirefox / MozillaThunderbird: update to 128.0 and 115.13esr / 128.0esr | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Martin Sirringhaus <martin.sirringhaus> |
| Component: | Incidents | Assignee: | Marcus Meissner <meissner> |
| Status: | NEW --- | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | fkrueger, meissner, wolfgang |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Comment 4
Maintenance Automation
2024-07-08 12:30:25 UTC
- Mozilla Firefox 128
MFSA 2024-29
* CVE-2024-6605 (bmo#1836786)
Firefox Android missed activation delay to prevent tapjacking
* CVE-2024-6606 (bmo#1902305)
Out-of-bounds read in clipboard component
* CVE-2024-6607 (bmo#1694513)
Leaving pointerlock by pressing the escape key could be
prevented
* CVE-2024-6608 (bmo#1743329)
Cursor could be moved out of the viewport using pointerlock.
* CVE-2024-6609 (bmo#1839258)
Memory corruption in NSS
* CVE-2024-6610 (bmo#1883396)
Form validation popups could block exiting full-screen mode
* CVE-2024-6600 (bmo#1888340)
Memory corruption in WebGL API
* CVE-2024-6601 (bmo#1890748)
Race condition in permission assignment
* CVE-2024-6602 (bmo#1895032)
Memory corruption in NSS
* CVE-2024-6603 (bmo#1895081)
Memory corruption in thread creation
* CVE-2024-6611 (bmo#1844827)
Incorrect handling of SameSite cookies
* CVE-2024-6612 (bmo#1880374)
CSP violation leakage when using devtools
* CVE-2024-6613 (bmo#1900523)
Incorrect listing of stack frames
* CVE-2024-6614 (bmo#1902983)
Incorrect listing of stack frames
* CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
and Thunderbird 115.13
* CVE-2024-6615 (bmo#1892875, bmo#1894428, bmo#1898364)
Memory safety bugs fixed in Firefox 128
- Mozilla Firefox ESR 115.13
MFSA 2024-30
* CVE-2024-6600 (bmo#1888340)
Memory corruption in WebGL API
* CVE-2024-6601 (bmo#1890748)
Race condition in permission assignment
* CVE-2024-6602 (bmo#1895032)
Memory corruption in NSS
* CVE-2024-6603 (bmo#1895081)
Memory corruption in thread creation
* CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
and Thunderbird 115.13

SUSE-SU-2024:2371-1: An update that solves 13 vulnerabilities can now be installed.

Category: security (important)
Bug References: 1225278, 1226316
CVE References: CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5692, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702, CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-2024-6604
Maintenance Incident: [SUSE:Maintenance:34598](https://smelt.suse.de/incident/34598/)
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.13.0-112.218.1
SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.13.0-112.218.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.13.0-112.218.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.13.0-112.218.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2024:2399-1: An update that solves 13 vulnerabilities can now be installed.

Category: security (important)
Bug References: 1225278, 1226316
CVE References: CVE-2024-5688, CVE-2024-5690, CVE-2024-5691, CVE-2024-5692, CVE-2024-5693, CVE-2024-5696, CVE-2024-5700, CVE-2024-5702, CVE-2024-6600, CVE-2024-6601, CVE-2024-6602, CVE-2024-6603, CVE-2024-6604
Maintenance Incident: [SUSE:Maintenance:34597](https://smelt.suse.de/incident/34597/)
Sources used:
openSUSE Leap 15.5 (src): MozillaFirefox-115.13.0-150200.152.143.1
openSUSE Leap 15.6 (src): MozillaFirefox-115.13.0-150200.152.143.1
Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.13.0-150200.152.143.1
Desktop Applications Module 15-SP6 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): MozillaFirefox-115.13.0-150200.152.143.1
SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.13.0-150200.152.143.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

(In reply to Martin Sirringhaus from comment #5)
> - Mozilla Firefox 128
> MFSA 2024-29
> * CVE-2024-6605 (bmo#1836786)
> Firefox Android missed activation delay to prevent tapjacking
> * CVE-2024-6606 (bmo#1902305)
> Out-of-bounds read in clipboard component
> * CVE-2024-6607 (bmo#1694513)
> Leaving pointerlock by pressing the escape key could be
> prevented
> * CVE-2024-6608 (bmo#1743329)
> Cursor could be moved out of the viewport using pointerlock.
> * CVE-2024-6609 (bmo#1839258)
> Memory corruption in NSS
> * CVE-2024-6610 (bmo#1883396)
> Form validation popups could block exiting full-screen mode
> * CVE-2024-6600 (bmo#1888340)
> Memory corruption in WebGL API
> * CVE-2024-6601 (bmo#1890748)
> Race condition in permission assignment
> * CVE-2024-6602 (bmo#1895032)
> Memory corruption in NSS
> * CVE-2024-6603 (bmo#1895081)
> Memory corruption in thread creation
> * CVE-2024-6611 (bmo#1844827)
> Incorrect handling of SameSite cookies
> * CVE-2024-6612 (bmo#1880374)
> CSP violation leakage when using devtools
> * CVE-2024-6613 (bmo#1900523)
> Incorrect listing of stack frames
> * CVE-2024-6614 (bmo#1902983)
> Incorrect listing of stack frames
> * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
> Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
> and Thunderbird 115.13
> * CVE-2024-6615 (bmo#1892875, bmo#1894428, bmo#1898364)
> Memory safety bugs fixed in Firefox 128
>
> - Mozilla Firefox ESR 115.13
> MFSA 2024-30
> * CVE-2024-6600 (bmo#1888340)
> Memory corruption in WebGL API
> * CVE-2024-6601 (bmo#1890748)
> Race condition in permission assignment
> * CVE-2024-6602 (bmo#1895032)
> Memory corruption in NSS
> * CVE-2024-6603 (bmo#1895081)
> Memory corruption in thread creation
> * CVE-2024-6604 (bmo#1748105, bmo#1837550, bmo#1884266)
> Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13,
> and Thunderbird 115.13

JFYI: There doesn't seem to be any SR for FF 128 to Tumbleweed, nor have the recent versions of FF and TB been published in the Mozilla:repo yet.

This is an autogenerated message for OBS integration:
This bug (1226316) was mentioned in
https://build.opensuse.org/request/show/1187370 Factory / MozillaThunderbird

This is an autogenerated message for OBS integration:
This bug (1226316) was mentioned in
https://build.opensuse.org/request/show/1187677 Factory / MozillaFirefox