[RLSA-2024:1912] firefox security update
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.10.0 ESR.
Security Fix(es):
GetBoundName in the JIT returned the wrong object (CVE-2024-3852)
Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)
Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857)
Permission prompt input delay could expire when not in focus (CVE-2024-2609)
Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859)
Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)
Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Package | Affected Version |
---|---|
pkg:rpm/rockylinux/firefox?arch=x86_64&distro=rockylinux-8.9 | < 115.10.0-1.el8_9 |
pkg:rpm/rockylinux/firefox?arch=aarch64&distro=rockylinux-8.9 | < 115.10.0-1.el8_9 |
- ID
- RLSA-2024:1912
- Severity
- important
- URL
- https://errata.rockylinux.org/RLSA-2024:1912
- Published
-
2024-05-06T13:04:21
(4 months ago) - Modified
-
2024-05-06T13:06:53
(4 months ago) - Rights
- Copyright 2024 Rocky Enterprise Software Foundation
- Other Advisories
-
- ALPINE:CVE-2024-3864
- ALSA-2024:1908
- ALSA-2024:1912
- ALSA-2024:1939
- ALSA-2024:1940
- DSA-5663-1
- DSA-5670-1
- ELSA-2024-1908
- ELSA-2024-1910
- ELSA-2024-1912
- GLSA-202405-32
- GLSA-202407-19
- GLSA-202408-02
- MFSA-2024-12
- MFSA-2024-18
- MFSA-2024-19
- MFSA-2024-20
- RHSA-2024:1908
- RHSA-2024:1910
- RHSA-2024:1912
- RHSA-2024:1935
- RHSA-2024:1939
- RHSA-2024:1940
- RLSA-2024:1908
- SSA:2024-107-01
- SUSE-SU-2024:1319-1
- SUSE-SU-2024:1350-1
- SUSE-SU-2024:1437-1
- SUSE-SU-2024:1676-1
- SUSE-SU-2024:1770-1
- USN-6703-1
- USN-6747-1
- USN-6750-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/rockylinux/firefox?arch=x86_64&distro=rockylinux-8.9 | rockylinux | firefox | < 115.10.0-1.el8_9 | rockylinux-8.9 | x86_64 | |
Affected | pkg:rpm/rockylinux/firefox?arch=aarch64&distro=rockylinux-8.9 | rockylinux | firefox | < 115.10.0-1.el8_9 | rockylinux-8.9 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |