[ALSA-2024:0608] firefox security update

Severity Important

Affected Packages 2

CVEs 9

firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.7.0 ESR.

Security Fix(es):

Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
Mozilla: Failure to update user input timestamp (CVE-2024-0742)
Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
Mozilla: Privilege escalation through devtools (CVE-2024-0751)
Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package	Affected Version
pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-8.9	< 115.7.0-1.el8_9.alma.1
pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-8.9	< 115.7.0-1.el8_9.alma.1

ID

ALSA-2024:0608

Severity

important

URL

https://errata.almalinux.org/ALSA-2024:0608.html

Published

2024-01-30T00:00:00
(7 months ago)

Modified

2024-02-01T09:58:53
(7 months ago)

Rights

Other Advisories

Source	# ID	URL
RHSA	RHSA-2024:0608	https://access.redhat.com/errata/RHSA-2024:0608
CVE	CVE-2024-0741	https://access.redhat.com/security/cve/CVE-2024-0741
CVE	CVE-2024-0742	https://access.redhat.com/security/cve/CVE-2024-0742
CVE	CVE-2024-0746	https://access.redhat.com/security/cve/CVE-2024-0746
CVE	CVE-2024-0747	https://access.redhat.com/security/cve/CVE-2024-0747
CVE	CVE-2024-0749	https://access.redhat.com/security/cve/CVE-2024-0749
CVE	CVE-2024-0750	https://access.redhat.com/security/cve/CVE-2024-0750
CVE	CVE-2024-0751	https://access.redhat.com/security/cve/CVE-2024-0751
CVE	CVE-2024-0753	https://access.redhat.com/security/cve/CVE-2024-0753
CVE	CVE-2024-0755	https://access.redhat.com/security/cve/CVE-2024-0755
Bugzilla	2259926	https://bugzilla.redhat.com/2259926
Bugzilla	2259927	https://bugzilla.redhat.com/2259927
Bugzilla	2259928	https://bugzilla.redhat.com/2259928
Bugzilla	2259929	https://bugzilla.redhat.com/2259929
Bugzilla	2259930	https://bugzilla.redhat.com/2259930
Bugzilla	2259931	https://bugzilla.redhat.com/2259931
Bugzilla	2259932	https://bugzilla.redhat.com/2259932
Bugzilla	2259933	https://bugzilla.redhat.com/2259933
Bugzilla	2259934	https://bugzilla.redhat.com/2259934
Self	ALSA-2024:0608	https://errata.almalinux.org/8/ALSA-2024-0608.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-8.9	almalinux	firefox	< 115.7.0-1.el8_9.alma.1	almalinux-8.9	x86_64
Affected	pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-8.9	almalinux	firefox	< 115.7.0-1.el8_9.alma.1	almalinux-8.9	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date