Advisories ยป MGASA-2024-0153

Updated firefox packages fix security vulnerabilities

Publication date: 27 Apr 2024
Modification date: 27 Apr 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-3852 , CVE-2024-3854 , CVE-2024-3857 , CVE-2024-2609 , CVE-2024-3859 , CVE-2024-3861 , CVE-2024-3302 , CVE-2024-3864

Description

CVE-2024-3852: GetBoundName in the JIT returned the wrong object
CVE-2024-3854: Out-of-bounds-read after mis-optimized switch statement
CVE-2024-3857: Incorrect JITting of arguments led to use-after-free
during garbage collection
CVE-2024-2609: Permission prompt input delay could expire when not in
focus
CVE-2024-3859: Integer-overflow led to out-of-bounds-read in the
OpenType sanitizer
CVE-2024-3861: Potential use-after-free due to AlignedBuffer self-move
CVE-2024-3863: Download Protections were bypassed by .xrm-ms files on
Windows
CVE-2024-3302: Denial of Service using HTTP/2 CONTINUATION frames
CVE-2024-3864: Memory safety bug fixed in Firefox 125, Firefox ESR
115.10, and Thunderbird 115.10
                

References

SRPMS

9/core