Security: Multiple issues in firefox
Name: Multiple issues in firefox
ID: RHSA-2024:1910
Distribution: Red Hat
Platforms: Red Hat Enterprise Linux Server (v. 7), Red Hat Enterprise Linux Client (v. 7), Red Hat Enterprise Linux Client Optional (v. 7), Red Hat Enterprise Linux Server Optional (v. 7), Red Hat Enterprise Linux Workstation (v. 7), Red Hat Enterprise Linux Workstation Optional (v. 7)
Date: Fri, 19 April 2024, 06:50
References: https://access.redhat.com/security/cve/CVE-2024-3861
https://access.redhat.com/security/cve/CVE-2024-3864
https://access.redhat.com/security/cve/CVE-2024-2609
https://bugzilla.redhat.com/show_bug.cgi?id=2275553
https://access.redhat.com/security/cve/CVE-2024-3854
https://bugzilla.redhat.com/show_bug.cgi?id=2275547
https://bugzilla.redhat.com/show_bug.cgi?id=2275555
https://bugzilla.redhat.com/show_bug.cgi?id=2275552
https://bugzilla.redhat.com/show_bug.cgi?id=2275550
https://access.redhat.com/security/cve/CVE-2024-3852
https://bugzilla.redhat.com/show_bug.cgi?id=2275551
https://bugzilla.redhat.com/show_bug.cgi?id=2275549
https://access.redhat.com/errata/RHSA-2024:1910
https://access.redhat.com/security/cve/CVE-2024-3859
https://access.redhat.com/security/cve/CVE-2024-3857
Applications: Mozilla Firefox

Original message

An update for firefox is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance, and portability.

This update upgrades Firefox to version 115.10.0 ESR.
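One way to confirm that a RHEL 7 host has actually picked up this update is to compare the installed firefox RPM version against the fixed version 115.10.0. The script below is an added example, not part of the Red Hat advisory; the NVRA sample string and the dotted-version comparison are assumptions of the example, not taken from the advisory.

```shell
#!/bin/sh
# Added example (not from RHSA-2024:1910): check whether the installed firefox
# package on a RHEL 7 host is at or above the version fixed by this advisory.

FIXED_VERSION="115.10.0"

# version_ge A B -> returns 0 if dotted version A >= B, 1 otherwise.
# Missing components count as 0 (so "115" < "115.10.0"); a trailing
# non-numeric suffix such as "0esr" is ignored for the comparison.
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax=${a%%.*}; a=${a#*.}
        bx=${b%%.*}; b=${b#*.}
        ax=${ax%%[!0-9]*}; bx=${bx%%[!0-9]*}
        ax=${ax:-0}; bx=${bx:-0}
        [ "$ax" -gt "$bx" ] && return 0
        [ "$ax" -lt "$bx" ] && return 1
    done
    return 0   # every component equal
}

# nvra_version NVRA -> prints the upstream version from an rpm name such as
# firefox-115.10.0-1.el7_9.x86_64 (constructed sample, not from the advisory).
nvra_version() {
    v=${1#firefox-}
    printf '%s\n' "${v%%-*}"
}

# firefox_patched NVRA -> 0 if that package is at or above FIXED_VERSION.
firefox_patched() {
    version_ge "$(nvra_version "$1")" "$FIXED_VERSION"
}

# Stand-alone use: query rpm if it is available on this host.
if installed=$(rpm -q firefox 2>/dev/null); then
    if firefox_patched "$installed"; then
        echo "OK: $installed is at or above $FIXED_VERSION"
    else
        echo "NOT PATCHED: $installed is below $FIXED_VERSION (RHSA-2024:1910)"
    fi
fi
```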

Security Fix(es):

* GetBoundName in the JIT returned the wrong object (CVE-2024-3852)

* Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854)

* Incorrect JITting of arguments led to use-after-free during garbage
collection (CVE-2024-3857)

* Permission prompt input delay could expire when not in focus (CVE-2024-2609)

* Integer-overflow led to out-of-bounds-read in the OpenType sanitizer
(CVE-2024-3859)

* Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861)

* Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird
115.10 (CVE-2024-3864)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2024-2609: Product UI does not Warn User of Unsafe Actions (CWE-356)
CVE-2024-3852: Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
CVE-2024-3854: Out-of-bounds Read (CWE-125)
CVE-2024-3857: Use After Free (CWE-416)
CVE-2024-3859: Out-of-bounds Read (CWE-125)
CVE-2024-3861: Use After Free (CWE-416)
CVE-2024-3864: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)