[ALSA-2024:1908] firefox security update
firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.10.0 ESR.
Security Fix(es):
GetBoundName in the JIT returned the wrong object (CVE-2024-3852)
Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)
Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)
Permission prompt input delay could expire when not in focus (CVE-2024-2609)
Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)
Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-9.3 | < 115.10.0-1.el9_3.alma.1 |
pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-9.3 | < 115.10.0-1.el9_3.alma.1 |
pkg:rpm/almalinux/firefox-x11?arch=x86_64&distro=almalinux-9.3 | < 115.10.0-1.el9_3.alma.1 |
pkg:rpm/almalinux/firefox-x11?arch=aarch64&distro=almalinux-9.3 | < 115.10.0-1.el9_3.alma.1 |
- ID
- ALSA-2024:1908
- Severity
- important
- URL
- https://errata.almalinux.org/ALSA-2024:1908.html
- Published
-
2024-04-18T00:00:00
(5 months ago) - Modified
-
2024-04-22T08:24:12
(4 months ago) - Rights
- Copyright 2024 AlmaLinux OS
- Other Advisories
-
- ALPINE:CVE-2024-3864
- ALSA-2024:1912
- ALSA-2024:1939
- ALSA-2024:1940
- DSA-5663-1
- DSA-5670-1
- ELSA-2024-1908
- ELSA-2024-1910
- ELSA-2024-1912
- GLSA-202405-32
- GLSA-202407-19
- GLSA-202408-02
- MFSA-2024-12
- MFSA-2024-18
- MFSA-2024-19
- MFSA-2024-20
- RHSA-2024:1908
- RHSA-2024:1910
- RHSA-2024:1912
- RHSA-2024:1935
- RHSA-2024:1939
- RHSA-2024:1940
- RLSA-2024:1908
- RLSA-2024:1912
- SSA:2024-107-01
- SUSE-SU-2024:1319-1
- SUSE-SU-2024:1350-1
- SUSE-SU-2024:1437-1
- SUSE-SU-2024:1676-1
- SUSE-SU-2024:1770-1
- USN-6703-1
- USN-6747-1
- USN-6750-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/almalinux/firefox?arch=x86_64&distro=almalinux-9.3 | almalinux | firefox | < 115.10.0-1.el9_3.alma.1 | almalinux-9.3 | x86_64 | |
Affected | pkg:rpm/almalinux/firefox?arch=aarch64&distro=almalinux-9.3 | almalinux | firefox | < 115.10.0-1.el9_3.alma.1 | almalinux-9.3 | aarch64 | |
Affected | pkg:rpm/almalinux/firefox-x11?arch=x86_64&distro=almalinux-9.3 | almalinux | firefox-x11 | < 115.10.0-1.el9_3.alma.1 | almalinux-9.3 | x86_64 | |
Affected | pkg:rpm/almalinux/firefox-x11?arch=aarch64&distro=almalinux-9.3 | almalinux | firefox-x11 | < 115.10.0-1.el9_3.alma.1 | almalinux-9.3 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |