Bugzilla – Bug 1224056
VUL-0: MozillaFirefox / MozillaThunderbird: update to 126.0 and 115.11esr
Last modified: 2024-06-10 07:40:11 UTC
- CVE-2024-4764: Use-after-free when audio input connected with multiple consumers
- CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
- CVE-2024-4765: Web application manifests could have been overwritten via hash collision
- CVE-2024-4766: Fullscreen notification could have been obscured on Firefox for Android
- CVE-2024-4767: IndexedDB files retained in private browsing mode
- CVE-2024-4768: Potential permissions request bypass via clickjacking
- CVE-2024-4769: Cross-origin responses could be distinguished between script and non-script content-types
- CVE-2024-4770: Use-after-free could occur when printing to PDF
- CVE-2024-4771: Failed allocation could lead to use-after-free
- CVE-2024-4772: Use of insecure rand() function to generate nonce
- CVE-2024-4777: Memory safety bugs fixed in Firefox 126, Firefox ESR 115.11, and Thunderbird 115.11

https://www.mozilla.org/en-US/security/advisories/mfsa2024-21/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-22/
https://www.mozilla.org/en-US/security/advisories/mfsa2024-23/
And these as well:

- CVE-2024-4773: URL bar could be cleared after network error
- CVE-2024-4775: Invalid memory access in the built-in profiler
- CVE-2024-4776: Window may remain disabled after file dialog is shown in full-screen
- CVE-2024-4778: Memory safety bugs fixed in Firefox 126
Missed this one as well, sorry: CVE-2024-4774: Undefined behavior in ShmemCharMapHashEntry()
SUSE-SU-2024:1676-1: An update that solves 15 vulnerabilities can now be installed.

- Category: security (important)
- Bug References: 1222535, 1224056
- CVE References: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864, CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777
- Maintenance Incident: [SUSE:Maintenance:33812](https://smelt.suse.de/incident/33812/)

Sources used:

- SUSE Linux Enterprise High Performance Computing 12 SP5 (src): MozillaFirefox-115.11.0-112.212.1
- SUSE Linux Enterprise Server 12 SP5 (src): MozillaFirefox-115.11.0-112.212.1
- SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): MozillaFirefox-115.11.0-112.212.1
- SUSE Linux Enterprise Software Development Kit 12 SP5 (src): MozillaFirefox-115.11.0-112.212.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1224056) was mentioned in https://build.opensuse.org/request/show/1175472 Factory / MozillaFirefox
This is an autogenerated message for OBS integration: This bug (1224056) was mentioned in https://build.opensuse.org/request/show/1175556 Factory / MozillaThunderbird
SUSE-SU-2024:1770-1: An update that solves 15 vulnerabilities can now be installed.

- Category: security (important)
- Bug References: 1222535, 1224056
- CVE References: CVE-2024-2609, CVE-2024-3302, CVE-2024-3852, CVE-2024-3854, CVE-2024-3857, CVE-2024-3859, CVE-2024-3861, CVE-2024-3863, CVE-2024-3864, CVE-2024-4367, CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4770, CVE-2024-4777
- Maintenance Incident: [SUSE:Maintenance:33810](https://smelt.suse.de/incident/33810/)

Sources used:

- openSUSE Leap 15.5 (src): MozillaFirefox-115.11.0-150200.152.137.2
- openSUSE Leap 15.6 (src): MozillaFirefox-115.11.0-150200.152.137.2
- Desktop Applications Module 15-SP5 (src): MozillaFirefox-115.11.0-150200.152.137.2
- Desktop Applications Module 15-SP6 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): MozillaFirefox-115.11.0-150200.152.137.2
- SUSE Enterprise Storage 7.1 (src): MozillaFirefox-115.11.0-150200.152.137.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.