Bugzilla – Bug 1221327
VUL-0: MozillaFirefox / MozillaThunderbird: update to 124 and 115.9esr
Last modified: 2024-07-03 05:35:35 UTC
- Mozilla Firefox 124
  MFSA 2024-12
  * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2606 (bmo#1879237) Mishandling of WASM register values
  * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write
  * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2609 (bmo#1866100) Permission prompt input delay could expire when not in focus
  * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions
  * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use-after-free
  * CVE-2024-2613 (bmo#1875701) Improper handling of QUIC ACK frame data could have led to OOM
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9
  * CVE-2024-2615 (bmo#1881074, bmo#1882438) Memory safety bugs fixed in Firefox 124

- Mozilla Firefox ESR 115.9
  MFSA 2024-13
  * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197) Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions
  * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use-after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9

- Mozilla Thunderbird 115.9
  MFSA 2024-14
  * CVE-2024-0743 (bmo#1867408) Crash in NSS TLS method
  * CVE-2024-2605 (bmo#1872920) Windows Error Reporter could be used as a Sandbox escape vector
  * CVE-2024-2607 (bmo#1879939) JIT code failed to save return registers on Armv7-A
  * CVE-2024-2608 (bmo#1880692) Integer overflow could have led to out of bounds write
  * CVE-2024-2616 (bmo#1846197) Improve handling of out-of-memory conditions in ICU
  * CVE-2023-5388 (bmo#1780432) NSS susceptible to timing attack against RSA decryption
  * CVE-2024-2610 (bmo#1871112) Improper handling of html and body tags enabled CSP nonce leakage
  * CVE-2024-2611 (bmo#1876675) Clickjacking vulnerability could have led to a user accidentally granting permissions
  * CVE-2024-2612 (bmo#1879444) Self referencing object could have potentially led to a use-after-free
  * CVE-2024-2614 (bmo#1685358, bmo#1861016, bmo#1880405, bmo#1881093) Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9

CVE-2023-5388 and CVE-2024-0743 are already fixed for ESR with NSS 3.90.2.
This is an autogenerated message for OBS integration: This bug (1221327) was mentioned in https://build.opensuse.org/request/show/1160556 Factory / MozillaThunderbird
SUSE-SU-2024:0971-1: An update that solves 10 vulnerabilities can now be installed.

Category: security (important)
Bug References: 1221327
CVE References: CVE-2023-5388, CVE-2024-0743, CVE-2024-2605, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616
Maintenance Incident: [SUSE:Maintenance:32974](https://smelt.suse.de/incident/32974/)
Sources used:
- SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.9.0-112.203.2
- SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.9.0-112.203.2
- SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.9.0-112.203.2
- SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.9.0-112.203.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

This is an autogenerated message for OBS integration: This bug (1221327) was mentioned in https://build.opensuse.org/request/show/1160726 Factory / MozillaFirefox
SUSE-SU-2024:1002-1: An update that solves 19 vulnerabilities can now be installed.

Category: security (critical)
Bug References: 1220048, 1221327, 1221850
CVE References: CVE-2023-5388, CVE-2024-0743, CVE-2024-1546, CVE-2024-1547, CVE-2024-1548, CVE-2024-1549, CVE-2024-1550, CVE-2024-1551, CVE-2024-1552, CVE-2024-1553, CVE-2024-2605, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616, CVE-2024-29944
Maintenance Incident: [SUSE:Maintenance:32985](https://smelt.suse.de/incident/32985/)
Sources used:
- openSUSE Leap 15.5 (src): MozillaFirefox-115.9.1-150200.152.131.1
- Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): MozillaFirefox-115.9.1-150200.152.131.1
- SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.9.1-150200.152.131.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2024:1147-1: An update that solves 10 vulnerabilities can now be installed.

Category: security (important)
Bug References: 1221327
CVE References: CVE-2023-5388, CVE-2024-0743, CVE-2024-2605, CVE-2024-2607, CVE-2024-2608, CVE-2024-2610, CVE-2024-2611, CVE-2024-2612, CVE-2024-2614, CVE-2024-2616
Maintenance Incident: [SUSE:Maintenance:33020](https://smelt.suse.de/incident/33020/)
Sources used:
- openSUSE Leap 15.5 (src): MozillaThunderbird-115.9.0-150200.8.154.1
- SUSE Package Hub 15 15-SP5 (src): MozillaThunderbird-115.9.0-150200.8.154.1
- SUSE Linux Enterprise Workstation Extension 15 SP5 (src): MozillaThunderbird-115.9.0-150200.8.154.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.