GoogleOSV:SUSE-SU-2024:2399-1Security update for MozillaFirefox
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
This update for MozillaFirefox fixes the following issues:
Update to Firefox Extended Support Release 115.13.0 ESR (MFSA 2024-30, bsc#1226316):
- CVE-2024-6600: Memory corruption in WebGL API
- CVE-2024-6601: Race condition in permission assignment
- CVE-2024-6602: Memory corruption in NSS
- CVE-2024-6603: Memory corruption in thread creation
- CVE-2024-6604: Memory safety bugs fixed in Firefox 128, Firefox ESR 115.13, and Thunderbird 115.13
Other fixes:
- Fix GNOME search provider (bsc#1225278)
References
bugzilla.suse.com/1225278
bugzilla.suse.com/1226316
www.suse.com/security/cve/CVE-2024-5688
www.suse.com/security/cve/CVE-2024-5690
www.suse.com/security/cve/CVE-2024-5691
www.suse.com/security/cve/CVE-2024-5692
www.suse.com/security/cve/CVE-2024-5693
www.suse.com/security/cve/CVE-2024-5696
www.suse.com/security/cve/CVE-2024-5700
www.suse.com/security/cve/CVE-2024-5702
www.suse.com/security/cve/CVE-2024-6600
www.suse.com/security/cve/CVE-2024-6601
www.suse.com/security/cve/CVE-2024-6602
www.suse.com/security/cve/CVE-2024-6603
www.suse.com/security/cve/CVE-2024-6604
www.suse.com/support/update/announcement/2024/suse-su-20242399-1/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High