Lucene search

GoogleOSV:ALSA-2024:0603

HistoryJan 30, 2024 - 12:00 a.m.

Important: firefox security update

2024-01-3000:00:00

Google

osv.dev

mozilla

firefox

security update

version 115.7.0 esr

angle

cve-2024-0741

user input timestamp

cve-2024-0742

linux printers

cve-2024-0746

content security policy

cve-2024-0747

phishing site popup

cve-2024-0749

clickjacking

cve-2024-0750

devtools

cve-2024-0751

hsts policy

cve-2024-0753

memory safety bugs

cve-2024-0755

software

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

33.0%

JSON

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.7.0 ESR.

Security Fix(es):

Mozilla: Out of bounds write in ANGLE (CVE-2024-0741)
Mozilla: Failure to update user input timestamp (CVE-2024-0742)
Mozilla: Crash when listing printers on Linux (CVE-2024-0746)
Mozilla: Bypass of Content Security Policy when directive unsafe-inline was set (CVE-2024-0747)
Mozilla: Phishing site popup could show local origin in address bar (CVE-2024-0749)
Mozilla: Potential permissions request bypass via clickjacking (CVE-2024-0750)
Mozilla: Privilege escalation through devtools (CVE-2024-0751)
Mozilla: HSTS policy on subdomain could bypass policy of upper domain (CVE-2024-0753)
Mozilla: Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7 (CVE-2024-0755)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.