[GLSA-202408-02] Mozilla Firefox: Multiple Vulnerabilities

Severity High

Affected Packages 4

Unaffected Packages 4

CVEs 35

Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution.

Background
Mozilla Firefox is a popular open-source web browser from the Mozilla project.

Description
Multiple vulnerabilities have been discovered in Mozilla Firefox. Please review the CVE identifiers referenced below for details.

Impact
Please review the referenced CVE identifiers for details.

Workaround
There is no known workaround at this time.

Resolution
All Mozilla Firefox binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-127.0:rapid"

All Mozilla Firefox users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-127.0:rapid"

All Mozilla Firefox ESR users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-115.12.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.12.0:esr"

Package	Affected Version
pkg:ebuild/www-client/firefox?distro=gentoo	< 127.0
pkg:ebuild/www-client/firefox?distro=gentoo	< 115.12.0
pkg:ebuild/www-client/firefox-bin?distro=gentoo	< 127.0
pkg:ebuild/www-client/firefox-bin?distro=gentoo	< 115.12.0

Package	Unaffected Version
pkg:ebuild/www-client/firefox?distro=gentoo	>= 127.0
pkg:ebuild/www-client/firefox?distro=gentoo	>= 115.12.0
pkg:ebuild/www-client/firefox-bin?distro=gentoo	>= 127.0
pkg:ebuild/www-client/firefox-bin?distro=gentoo	>= 115.12.0

ID

GLSA-202408-02

Severity

high

URL

https://security.gentoo.org/glsa/202408-02

Published

2024-08-06T00:00:00
(5 weeks ago)

Modified

2024-08-06T00:00:00
(5 weeks ago)

Rights

Gentoo Foundation, Inc.

Other Advisories

Source	# ID	Name	URL
CVE	CVE-2024-2609	CVE-2024-2609	https://nvd.nist.gov/vuln/detail/CVE-2024-2609
CVE	CVE-2024-3302	CVE-2024-3302	https://nvd.nist.gov/vuln/detail/CVE-2024-3302
CVE	CVE-2024-3853	CVE-2024-3853	https://nvd.nist.gov/vuln/detail/CVE-2024-3853
CVE	CVE-2024-3854	CVE-2024-3854	https://nvd.nist.gov/vuln/detail/CVE-2024-3854
CVE	CVE-2024-3855	CVE-2024-3855	https://nvd.nist.gov/vuln/detail/CVE-2024-3855
CVE	CVE-2024-3856	CVE-2024-3856	https://nvd.nist.gov/vuln/detail/CVE-2024-3856
CVE	CVE-2024-3857	CVE-2024-3857	https://nvd.nist.gov/vuln/detail/CVE-2024-3857
CVE	CVE-2024-3858	CVE-2024-3858	https://nvd.nist.gov/vuln/detail/CVE-2024-3858
CVE	CVE-2024-3859	CVE-2024-3859	https://nvd.nist.gov/vuln/detail/CVE-2024-3859
CVE	CVE-2024-3860	CVE-2024-3860	https://nvd.nist.gov/vuln/detail/CVE-2024-3860
CVE	CVE-2024-3861	CVE-2024-3861	https://nvd.nist.gov/vuln/detail/CVE-2024-3861
CVE	CVE-2024-3862	CVE-2024-3862	https://nvd.nist.gov/vuln/detail/CVE-2024-3862
CVE	CVE-2024-3864	CVE-2024-3864	https://nvd.nist.gov/vuln/detail/CVE-2024-3864
CVE	CVE-2024-3865	CVE-2024-3865	https://nvd.nist.gov/vuln/detail/CVE-2024-3865
CVE	CVE-2024-4764	CVE-2024-4764	https://nvd.nist.gov/vuln/detail/CVE-2024-4764
CVE	CVE-2024-4765	CVE-2024-4765	https://nvd.nist.gov/vuln/detail/CVE-2024-4765
CVE	CVE-2024-4766	CVE-2024-4766	https://nvd.nist.gov/vuln/detail/CVE-2024-4766
CVE	CVE-2024-4771	CVE-2024-4771	https://nvd.nist.gov/vuln/detail/CVE-2024-4771
CVE	CVE-2024-4772	CVE-2024-4772	https://nvd.nist.gov/vuln/detail/CVE-2024-4772
CVE	CVE-2024-4773	CVE-2024-4773	https://nvd.nist.gov/vuln/detail/CVE-2024-4773
CVE	CVE-2024-4774	CVE-2024-4774	https://nvd.nist.gov/vuln/detail/CVE-2024-4774
CVE	CVE-2024-4775	CVE-2024-4775	https://nvd.nist.gov/vuln/detail/CVE-2024-4775
CVE	CVE-2024-4776	CVE-2024-4776	https://nvd.nist.gov/vuln/detail/CVE-2024-4776
CVE	CVE-2024-4778	CVE-2024-4778	https://nvd.nist.gov/vuln/detail/CVE-2024-4778
CVE	CVE-2024-5689	CVE-2024-5689	https://nvd.nist.gov/vuln/detail/CVE-2024-5689
CVE	CVE-2024-5693	CVE-2024-5693	https://nvd.nist.gov/vuln/detail/CVE-2024-5693
CVE	CVE-2024-5694	CVE-2024-5694	https://nvd.nist.gov/vuln/detail/CVE-2024-5694
CVE	CVE-2024-5695	CVE-2024-5695	https://nvd.nist.gov/vuln/detail/CVE-2024-5695
CVE	CVE-2024-5696	CVE-2024-5696	https://nvd.nist.gov/vuln/detail/CVE-2024-5696
CVE	CVE-2024-5697	CVE-2024-5697	https://nvd.nist.gov/vuln/detail/CVE-2024-5697
CVE	CVE-2024-5698	CVE-2024-5698	https://nvd.nist.gov/vuln/detail/CVE-2024-5698
CVE	CVE-2024-5699	CVE-2024-5699	https://nvd.nist.gov/vuln/detail/CVE-2024-5699
CVE	CVE-2024-5700	CVE-2024-5700	https://nvd.nist.gov/vuln/detail/CVE-2024-5700
CVE	CVE-2024-5701	CVE-2024-5701	https://nvd.nist.gov/vuln/detail/CVE-2024-5701
CVE	CVE-2024-5702	CVE-2024-5702	https://nvd.nist.gov/vuln/detail/CVE-2024-5702
Vendor		MFSA-2024-25
Vendor		MFSA-2024-26
Vendor		MFSA-2024-28
Bugzilla	930380	Bugzilla #930380	https://bugs.gentoo.org/show_bug.cgi?id=930380
Bugzilla	932374	Bugzilla #932374	https://bugs.gentoo.org/show_bug.cgi?id=932374
Bugzilla	935550	Bugzilla #935550	https://bugs.gentoo.org/show_bug.cgi?id=935550

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:ebuild/www-client/firefox?distro=gentoo	www-client	firefox	< 127.0	gentoo
Affected	pkg:ebuild/www-client/firefox?distro=gentoo	www-client	firefox	< 115.12.0	gentoo
Unaffected	pkg:ebuild/www-client/firefox?distro=gentoo	www-client	firefox	>= 127.0	gentoo
Unaffected	pkg:ebuild/www-client/firefox?distro=gentoo	www-client	firefox	>= 115.12.0	gentoo
Affected	pkg:ebuild/www-client/firefox-bin?distro=gentoo	www-client	firefox-bin	< 127.0	gentoo
Affected	pkg:ebuild/www-client/firefox-bin?distro=gentoo	www-client	firefox-bin	< 115.12.0	gentoo
Unaffected	pkg:ebuild/www-client/firefox-bin?distro=gentoo	www-client	firefox-bin	>= 127.0	gentoo
Unaffected	pkg:ebuild/www-client/firefox-bin?distro=gentoo	www-client	firefox-bin	>= 115.12.0	gentoo

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date