
RLSA-2024:7700

Security
Mirrored from RHSA-2024:7700
Issued at: 2024-10-25
Updated at: 2024-10-25

Synopsis

Important: firefox security update



Description

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: 115.16/128.3 ESR ()

* firefox: thunderbird: Specially crafted WebTransport requests could lead to denial of service (CVE-2024-9399)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131 and Thunderbird 131 (CVE-2024-9403)

* firefox: thunderbird: Potential directory upload bypass via clickjacking (CVE-2024-9397)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 115.16, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9401)

* firefox: thunderbird: Memory safety bugs fixed in Firefox 131, Firefox ESR 128.3, Thunderbird 131, and Thunderbird 128.3 (CVE-2024-9402)

* firefox: thunderbird: External protocol handlers could be enumerated via popups (CVE-2024-9398)

* firefox: thunderbird: Potential memory corruption during JIT compilation (CVE-2024-9400)

* firefox: thunderbird: Potential memory corruption may occur when cloning certain objects (CVE-2024-9396)

* firefox: thunderbird: Cross-origin access to PDF contents through multipart responses (CVE-2024-9393)

* firefox: thunderbird: Cross-origin access to JSON contents through multipart responses (CVE-2024-9394)

* firefox: thunderbird: Compromised content process can bypass site isolation (CVE-2024-9392)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

* Rocky Linux 8 aarch64
* Rocky Linux 8 x86_64

Fixes

2314430, 2315945, 2315947, 2315949, 2315950, 2315951, 2315952, 2315953, 2315954, 2315956, 2315957, 2315959

CVEs

CVE-2024-8900, CVE-2024-9392, CVE-2024-9393, CVE-2024-9394, CVE-2024-9396, CVE-2024-9397, CVE-2024-9398, CVE-2024-9399, CVE-2024-9400, CVE-2024-9401, CVE-2024-9402

Affected packages

Rocky Linux 8 aarch64 - AppStream

* firefox-0:128.3.0-1.el8_10.aarch64.rpm
* firefox-0:128.3.0-1.el8_10.src.rpm
* firefox-debuginfo-0:128.3.0-1.el8_10.aarch64.rpm
* firefox-debugsource-0:128.3.0-1.el8_10.aarch64.rpm

Rocky Linux 8 x86_64 - AppStream

* firefox-0:128.3.0-1.el8_10.src.rpm
* firefox-0:128.3.0-1.el8_10.x86_64.rpm
* firefox-debuginfo-0:128.3.0-1.el8_10.x86_64.rpm
* firefox-debugsource-0:128.3.0-1.el8_10.x86_64.rpm