(RHSA-2024:5327) Important: firefox security update

2024-08-1316:11:46

access.redhat.com

mozilla firefox

security update

cve-2024-7518

cve-2024-7519

cve-2024-7520

cve-2024-7521

cve-2024-7522

cve-2024-7524

cve-2024-7525

cve-2024-7526

cve-2024-7527

cve-2024-7528

cve-2024-7529

cve-2024-7531

nss

unix

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

JSON

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

Firefox: 115.14/128.1 ESR ()
mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)
mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)
mozilla: Type confusion in WebAssembly (CVE-2024-7520)
mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)
mozilla: Out of bounds read in editor component (CVE-2024-7522)
mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)
mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)
mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)
mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)
mozilla: Use-after-free in IndexedDB (CVE-2024-7528)
mozilla: Document content could partially obscure security prompts (CVE-2024-7529)
mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (CVE-2024-7531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat9aarch64firefox-debuginfo< 115.14.0-2.el9_0firefox-debuginfo-115.14.0-2.el9_0.aarch64.rpm
RedHat9x86_64firefox< 115.14.0-2.el9_0firefox-115.14.0-2.el9_0.x86_64.rpm
RedHat9ppc64lefirefox< 115.14.0-2.el9_0firefox-115.14.0-2.el9_0.ppc64le.rpm
RedHat9aarch64firefox< 115.14.0-2.el9_0firefox-115.14.0-2.el9_0.aarch64.rpm
RedHat9x86_64firefox-debugsource< 115.14.0-2.el9_0firefox-debugsource-115.14.0-2.el9_0.x86_64.rpm
RedHat9x86_64firefox-debuginfo< 115.14.0-2.el9_0firefox-debuginfo-115.14.0-2.el9_0.x86_64.rpm
RedHat9s390xfirefox-debugsource< 115.14.0-2.el9_0firefox-debugsource-115.14.0-2.el9_0.s390x.rpm
RedHat9s390xfirefox< 115.14.0-2.el9_0firefox-115.14.0-2.el9_0.s390x.rpm
RedHat9ppc64lefirefox-debugsource< 115.14.0-2.el9_0firefox-debugsource-115.14.0-2.el9_0.ppc64le.rpm
RedHat9aarch64firefox-debugsource< 115.14.0-2.el9_0firefox-debugsource-115.14.0-2.el9_0.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	9	aarch64	firefox-debuginfo	< 115.14.0-2.el9_0	firefox-debuginfo-115.14.0-2.el9_0.aarch64.rpm
RedHat	9	x86_64	firefox	< 115.14.0-2.el9_0	firefox-115.14.0-2.el9_0.x86_64.rpm
RedHat	9	ppc64le	firefox	< 115.14.0-2.el9_0	firefox-115.14.0-2.el9_0.ppc64le.rpm
RedHat	9	aarch64	firefox	< 115.14.0-2.el9_0	firefox-115.14.0-2.el9_0.aarch64.rpm
RedHat	9	x86_64	firefox-debugsource	< 115.14.0-2.el9_0	firefox-debugsource-115.14.0-2.el9_0.x86_64.rpm
RedHat	9	x86_64	firefox-debuginfo	< 115.14.0-2.el9_0	firefox-debuginfo-115.14.0-2.el9_0.x86_64.rpm
RedHat	9	s390x	firefox-debugsource	< 115.14.0-2.el9_0	firefox-debugsource-115.14.0-2.el9_0.s390x.rpm
RedHat	9	s390x	firefox	< 115.14.0-2.el9_0	firefox-115.14.0-2.el9_0.s390x.rpm
RedHat	9	ppc64le	firefox-debugsource	< 115.14.0-2.el9_0	firefox-debugsource-115.14.0-2.el9_0.ppc64le.rpm
RedHat	9	aarch64	firefox-debugsource	< 115.14.0-2.el9_0	firefox-debugsource-115.14.0-2.el9_0.aarch64.rpm