(RHSA-2024:5329) Important: firefox security update

2024-08-1316:11:58

access.redhat.com

mozilla

security update

fullscreen notification

out of bounds

type confusion

webassembly

csp strict-dynamic

webgl

use-after-free

indexeddb

ckm_chacha20

unix

cves

CVSS3

9.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

AI Score

9.6

Confidence

High

JSON

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

Firefox: 115.14/128.1 ESR ()
mozilla: Fullscreen notification dialog can be obscured by document content (CVE-2024-7518)
mozilla: Out of bounds memory access in graphics shared memory handling (CVE-2024-7519)
mozilla: Type confusion in WebAssembly (CVE-2024-7520)
mozilla: Incomplete WebAssembly exception handing (CVE-2024-7521)
mozilla: Out of bounds read in editor component (CVE-2024-7522)
mozilla: CSP strict-dynamic bypass using web-compatibility shims (CVE-2024-7524)
mozilla: Missing permission check when creating a StreamFilter (CVE-2024-7525)
mozilla: Uninitialized memory used by WebGL (CVE-2024-7526)
mozilla: Use-after-free in JavaScript garbage collection (CVE-2024-7527)
mozilla: Use-after-free in IndexedDB (CVE-2024-7528)
mozilla: Document content could partially obscure security prompts (CVE-2024-7529)
mozilla: nss: PK11_Encrypt using CKM_CHACHA20 can reveal plaintext on Intel Sandy Bridge machines (CVE-2024-7531)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8aarch64firefox-debugsource< 115.14.0-2.el8_8firefox-debugsource-115.14.0-2.el8_8.aarch64.rpm
RedHat8ppc64lefirefox-debugsource< 115.14.0-2.el8_8firefox-debugsource-115.14.0-2.el8_8.ppc64le.rpm
RedHat8ppc64lefirefox-debuginfo< 115.14.0-2.el8_8firefox-debuginfo-115.14.0-2.el8_8.ppc64le.rpm
RedHat8ppc64lefirefox< 115.14.0-2.el8_8firefox-115.14.0-2.el8_8.ppc64le.rpm
RedHat8s390xfirefox-debuginfo< 115.14.0-2.el8_8firefox-debuginfo-115.14.0-2.el8_8.s390x.rpm
RedHat8s390xfirefox-debugsource< 115.14.0-2.el8_8firefox-debugsource-115.14.0-2.el8_8.s390x.rpm
RedHat8aarch64firefox< 115.14.0-2.el8_8firefox-115.14.0-2.el8_8.aarch64.rpm
RedHat8x86_64firefox< 115.14.0-2.el8_8firefox-115.14.0-2.el8_8.x86_64.rpm
RedHat8x86_64firefox-debuginfo< 115.14.0-2.el8_8firefox-debuginfo-115.14.0-2.el8_8.x86_64.rpm
RedHat8s390xfirefox< 115.14.0-2.el8_8firefox-115.14.0-2.el8_8.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	aarch64	firefox-debugsource	< 115.14.0-2.el8_8	firefox-debugsource-115.14.0-2.el8_8.aarch64.rpm
RedHat	8	ppc64le	firefox-debugsource	< 115.14.0-2.el8_8	firefox-debugsource-115.14.0-2.el8_8.ppc64le.rpm
RedHat	8	ppc64le	firefox-debuginfo	< 115.14.0-2.el8_8	firefox-debuginfo-115.14.0-2.el8_8.ppc64le.rpm
RedHat	8	ppc64le	firefox	< 115.14.0-2.el8_8	firefox-115.14.0-2.el8_8.ppc64le.rpm
RedHat	8	s390x	firefox-debuginfo	< 115.14.0-2.el8_8	firefox-debuginfo-115.14.0-2.el8_8.s390x.rpm
RedHat	8	s390x	firefox-debugsource	< 115.14.0-2.el8_8	firefox-debugsource-115.14.0-2.el8_8.s390x.rpm
RedHat	8	aarch64	firefox	< 115.14.0-2.el8_8	firefox-115.14.0-2.el8_8.aarch64.rpm
RedHat	8	x86_64	firefox	< 115.14.0-2.el8_8	firefox-115.14.0-2.el8_8.x86_64.rpm
RedHat	8	x86_64	firefox-debuginfo	< 115.14.0-2.el8_8	firefox-debuginfo-115.14.0-2.el8_8.x86_64.rpm
RedHat	8	s390x	firefox	< 115.14.0-2.el8_8	firefox-115.14.0-2.el8_8.s390x.rpm