Bugzilla – Bug 1218955
VUL-0: MozillaFirefox / MozillaThunderbird: update to 122 and 115.7esr
Last modified: 2024-01-30 10:03:27 UTC
- Mozilla Firefox 122 MFSA 2024-01 * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method * CVE-2024-0744 (bmo#1871089) Wild pointer dereference in JavaScript * CVE-2024-0745 (bmo#1871838) Stack buffer overflow in WebAudio * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe- inline was set * CVE-2024-0748 (bmo#1783504) Compromised content process could modify document URI * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0752 (bmo#1866840) Use-after-free could occur when applying update on macOS * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0754 (bmo#1871605) Crash when using some WASM files in devtools * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 - Mozilla Firefox ESR 115.7 MFSA 2024-02 * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe- inline was set * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 - Mozilla Thunderbird 115.7 MFSA 2024-04 * CVE-2024-0741 (bmo#1864587) Out of bounds write in ANGLE * CVE-2024-0742 (bmo#1867152) Failure to update user input timestamp * CVE-2024-0746 (bmo#1660223) Crash when listing printers on Linux * CVE-2024-0747 (bmo#1764343) Bypass of Content Security Policy when directive unsafe- inline was set * CVE-2024-0749 (bmo#1813463) Phishing site popup could show local origin in address bar * CVE-2024-0750 (bmo#1863083) Potential permissions request bypass via clickjacking * CVE-2024-0751 (bmo#1865689) Privilege escalation through devtools * CVE-2024-0753 (bmo#1870262) HSTS policy on subdomain could bypass policy of upper domain * CVE-2024-0755 (bmo#1868456, bmo#1871445, bmo#1873701) Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7
This is an autogenerated message for OBS integration: This bug (1218955) was mentioned in https://build.opensuse.org/request/show/1141172 Factory / MozillaThunderbird
SUSE-SU-2024:0211-1: An update that solves nine vulnerabilities can now be installed. Category: security (important) Bug References: 1218955 CVE References: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755 Sources used: SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.7.0-112.197.1 SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.7.0-112.197.1 SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.7.0-112.197.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.7.0-112.197.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0229-1: An update that solves nine vulnerabilities can now be installed. Category: security (important) Bug References: 1218955 CVE References: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755 Sources used: openSUSE Leap 15.5 (src): MozillaFirefox-115.7.0-150200.152.123.1 Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): MozillaFirefox-115.7.0-150200.152.123.1 SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.7.0-150200.152.123.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0228-1: An update that solves nine vulnerabilities can now be installed. Category: security (important) Bug References: 1218955 CVE References: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.7.0-150000.150.122.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): MozillaFirefox-115.7.0-150000.150.122.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): MozillaFirefox-115.7.0-150000.150.122.1 SUSE CaaS Platform 4.0 (src): MozillaFirefox-115.7.0-150000.150.122.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1218955) was mentioned in https://build.opensuse.org/request/show/1141490 Factory / MozillaFirefox
SUSE-SU-2024:0242-1: An update that solves nine vulnerabilities can now be installed. Category: security (important) Bug References: 1218955 CVE References: CVE-2024-0741, CVE-2024-0742, CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0750, CVE-2024-0751, CVE-2024-0753, CVE-2024-0755 Sources used: openSUSE Leap 15.5 (src): MozillaThunderbird-115.7.0-150200.8.145.1 SUSE Package Hub 15 15-SP5 (src): MozillaThunderbird-115.7.0-150200.8.145.1 SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): MozillaThunderbird-115.7.0-150200.8.145.1 SUSE Linux Enterprise Workstation Extension 15 SP5 (src): MozillaThunderbird-115.7.0-150200.8.145.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
released