Lucene search

K
redhatRedHatRHSA-2024:0955
HistoryFeb 26, 2024 - 12:09 a.m.

(RHSA-2024:0955) Important: firefox security update

2024-02-2600:09:09
access.redhat.com
46
mozilla
firefox
security update
out-of-bounds memory read
alert dialog spoofing
memory safety bugs
fullscreen notification
custom cursor
http responses
code generation
cve-2024-1546
cve-2024-1547
cve-2024-1553
cve-2024-1548
cve-2024-1549
cve-2024-1550
cve-2024-1551
cve-2024-1552

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0

Percentile

10.3%

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

This update upgrades Firefox to version 115.8.0 ESR.

Security Fix(es):

  • Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)

  • Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)

  • Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)

  • Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)

  • Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)

  • Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)

  • Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)

  • Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.8

Confidence

High

EPSS

0

Percentile

10.3%