An update for firefox is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
This update upgrades Firefox to version 115.8.0 ESR.
Security Fix(es):
* Mozilla: Out-of-bounds memory read in networking channels (CVE-2024-1546)
* Mozilla: Alert dialog could have been spoofed on another site (CVE-2024-1547)
* Mozilla: Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8 (CVE-2024-1553)
* Mozilla: Fullscreen Notification could have been hidden by select element (CVE-2024-1548)
* Mozilla: Custom cursor could obscure the permission dialog (CVE-2024-1549)
* Mozilla: Mouse cursor re-positioned unexpectedly could have led to unintended permission grants (CVE-2024-1550)
* Mozilla: Multipart HTTP Responses would accept the Set-Cookie header in response parts (CVE-2024-1551)
* Mozilla: Incorrect code generation on 32-bit ARM devices (CVE-2024-1552)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2024-1546: Out-of-bounds Read (CWE-125) CVE-2024-1547: The UI Performs the Wrong Action (CWE-449) CVE-2024-1548: The UI Performs the Wrong Action (CWE-449) CVE-2024-1549: Improper Restriction of Rendered UI Layers or Frames (CWE-1021) CVE-2024-1550: Improper Restriction of Rendered UI Layers or Frames (CWE-1021) CVE-2024-1551: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74) CVE-2024-1552: Incorrect Conversion between Numeric Types (CWE-681) CVE-2024-1553: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
|