Lucene search
AlmaLinuxALSA-2024:1484HistoryMar 25, 2024 - 12:00 a.m.
Critical: firefox security update
2024-03-2500:00:00
errata.almalinux.org
9
mozilla
firefox
security update
nss
cve-2023-5388
cve-2024-0743
armv7-a
cve-2024-2608
cve-2024-2616
clickjacking vulnerability
memory safety bugs
thunderbird
cve-2024-29944
cvss score
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.
This update upgrades Firefox to version 115.9.1 ESR.
Security Fix(es):
- nss: timing attack against RSA decryption (CVE-2023-5388)
- Mozilla: Crash in NSS TLS method (CVE-2024-0743)
- Mozilla: JIT code failed to save return registers on Armv7-A (CVE-2024-2607)
- Mozilla: Integer overflow could have led to out of bounds write (CVE-2024-2608)
- Mozilla: Improve handling of out-of-memory conditions in ICU (CVE-2024-2616)
- Mozilla: Improper handling of html and body tags enabled CSP nonce leakage (CVE-2024-2610)
- Mozilla: Clickjacking vulnerability could have led to a user accidentally granting permissions (CVE-2024-2611)
- Mozilla: Self referencing object could have potentially led to a use-after-free (CVE-2024-2612)
- Mozilla: Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9 (CVE-2024-2614)
- Mozilla: Privileged JavaScript Execution via Event Handlers (CVE-2024-29944)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| almalinux | 8 | aarch64 | firefox | < 115.9.1-1.el8_9.alma.1 | firefox-115.9.1-1.el8_9.alma.1.aarch64.rpm |
| almalinux | 8 | x86_64 | firefox | < 115.9.1-1.el8_9.alma.1 | firefox-115.9.1-1.el8_9.alma.1.x86_64.rpm |
| almalinux | 8 | ppc64le | firefox | < 115.9.1-1.el8_9.alma.1 | firefox-115.9.1-1.el8_9.alma.1.ppc64le.rpm |
| almalinux | 8 | s390x | firefox | < 115.9.1-1.el8_9.alma.1 | firefox-115.9.1-1.el8_9.alma.1.s390x.rpm |
References
access.redhat.com/errata/RHSA-2024:1484
access.redhat.com/security/cve/CVE-2023-5388
access.redhat.com/security/cve/CVE-2024-0743
access.redhat.com/security/cve/CVE-2024-2607
access.redhat.com/security/cve/CVE-2024-2608
access.redhat.com/security/cve/CVE-2024-2610
access.redhat.com/security/cve/CVE-2024-2611
access.redhat.com/security/cve/CVE-2024-2612
access.redhat.com/security/cve/CVE-2024-2614
access.redhat.com/security/cve/CVE-2024-2616
access.redhat.com/security/cve/CVE-2024-29944
bugzilla.redhat.com/2243644
bugzilla.redhat.com/2260012
bugzilla.redhat.com/2270660
bugzilla.redhat.com/2270661
bugzilla.redhat.com/2270662
bugzilla.redhat.com/2270663
bugzilla.redhat.com/2270664
bugzilla.redhat.com/2270665
bugzilla.redhat.com/2270666
bugzilla.redhat.com/2271064
errata.almalinux.org/8/ALSA-2024-1484.html
Related
nessus
nessus
CentOS 8 : firefox (CESA-2024:1484)
2024-04-08 00:00:00
RHEL 9 : firefox (RHSA-2024:1487)
2024-03-25 00:00:00
Rocky Linux 8 : firefox (RLSA-2024:1484)
2024-03-27 00:00:00
mageia
mageia
Updated nss firefox, nss packages fix security vulnerabilities
2024-03-27 22:24:13
Updated thunderbird packages fix security vulnerabilities
2024-03-27 22:40:25
redhat
redhat
(RHSA-2024:1488) Critical: firefox security update
2024-03-25 18:21:05
(RHSA-2024:1486) Critical: firefox security update
2024-03-25 18:20:50
(RHSA-2024:1489) Critical: firefox security update
2024-03-25 18:21:12
rocky
rocky
firefox security update
2024-03-27 04:34:32
thunderbird security update
2024-03-27 04:34:32
osv
osv
Critical: firefox security update
2024-03-27 04:34:32
Critical: firefox security update
2024-03-25 00:00:00
firefox-esr - security update
2024-03-25 00:00:00
openvas
openvas
CentOS: Security Advisory for firefox (CESA-2024:1486)
2024-04-04 00:00:00
Mageia: Security Advisory (MGASA-2024-0092)
2024-04-05 00:00:00
Ubuntu: Security Advisory (USN-6717-1)
2024-03-27 00:00:00
oraclelinux
oraclelinux
firefox security update
2024-03-26 00:00:00
firefox security update
2024-03-26 00:00:00
firefox security update
2024-03-26 00:00:00
debian
debian
[SECURITY] [DLA 3775-1] firefox-esr security update
2024-03-25 15:40:42
[SECURITY] [DSA 5643-1] firefox-esr security update
2024-03-21 19:19:35
[SECURITY] [DLA 3769-1] thunderbird security update
2024-03-23 11:23:00
almalinux
almalinux
Critical: firefox security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-25 00:00:00
Moderate: thunderbird security update
2024-03-25 00:00:00
centos
centos
firefox security update
2024-04-03 14:00:43
thunderbird security update
2024-04-03 14:01:39
ubuntu
ubuntu
Thunderbird vulnerabilities
2024-03-26 00:00:00
Firefox vulnerabilities
2024-03-20 00:00:00
mozilla
mozilla
Security Vulnerabilities fixed in Firefox ESR 115.9 — Mozilla
2024-03-19 00:00:00
Security Vulnerabilities fixed in Thunderbird 115.9 — Mozilla
2024-03-19 00:00:00
Security Vulnerabilities fixed in Firefox 124 — Mozilla
2024-03-19 00:00:00
amazon
amazon
Important: thunderbird
2024-03-27 21:32:00
slackware
slackware
[slackware-security] mozilla-thunderbird
2024-03-20 00:28:21
[slackware-security] mozilla-firefox
2024-03-20 00:27:50
[slackware-security] mozilla-firefox
2024-03-23 19:41:05
kaspersky
kaspersky
KLA65225 Multiple vulnerabilities in Mozilla Firefox ESR
2024-03-19 00:00:00
KLA65226 Multiple vulnerabilities in Mozilla Thunderbird
2024-03-19 00:00:00
KLA65224 Multiple vulnerabilities in Mozilla Firefox
2024-03-19 00:00:00
redhatcve
redhatcve
debiancve
debiancve
veracode
veracode
Privilege Escalation
2024-03-24 12:13:55
Unchecked Return Value
2024-02-03 03:04:18
Permissions Bypass
2024-03-25 01:32:30
ubuntucve
ubuntucve
cve
cve
cgr
cgr
CVE-2024-29944 vulnerabilities
2024-05-19 03:07:16
CVE-2024-2607 vulnerabilities
2024-05-19 03:07:16
CVE-2024-2608 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
cvelist
cvelist
cnvd
cnvd
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14978)
2024-03-21 00:00:00
Code execution vulnerability in multiple Mozilla products (CNVD-2024-14977)
2024-03-21 00:00:00
Mozilla Firefox ESR and Thunderbird Denial of Service Vulnerabilities
2024-03-21 00:00:00