Rocky Linux: RLSA-2024:1908 firefox security update Security Advisories Updates
Summary
An update is available for firefox. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. This update upgrades Firefox to version 115.10.0 ESR. Security Fix(es): * GetBoundName in the JIT returned the wrong object (CVE-2024-3852) * Out-of-bounds-read after mis-optimized switch statement (CVE-2024-3854) * Incorrect JITting of arguments led to use-after-free during garbage collection (CVE-2024-3857) * Permission prompt input delay could expire when not in focus (CVE-2024-2609) * Integer-overflow led to out-of-bounds-read in the OpenType sanitizer (CVE-2024-3859) * Potential use-after-free due to AlignedBuffer self-move (CVE-2024-3861) * Memory safety bug fixed in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10 (CVE-2024-3864) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
RPMs
firefox-0:115.10.0-1.el9_3.aarch64.rpm
firefox-0:115.10.0-1.el9_3.ppc64le.rpm
firefox-0:115.10.0-1.el9_3.s390x.rpm
firefox-0:115.10.0-1.el9_3.src.rpm
firefox-0:115.10.0-1.el9_3.x86_64.rpm
firefox-debuginfo-0:115.10.0-1.el9_3.aarch64.rpm
firefox-debuginfo-0:115.10.0-1.el9_3.ppc64le.rpm
firefox-debuginfo-0:115.10.0-1.el9_3.s390x.rpm
firefox-debuginfo-0:115.10.0-1.el9_3.x86_64.rpm
firefox-debugsource-0:115.10.0-1.el9_3.aarch64.rpm
firefox-debugsource-0:115.10.0-1.el9_3.ppc64le.rpm
firefox-debugsource-0:115.10.0-1.el9_3.s390x.rpm
firefox-debugsource-0:115.10.0-1.el9_3.x86_64.rpm
firefox-x11-0:115.10.0-1.el9_3.aarch64.rpm
firefox-x11-0:115.10.0-1.el9_3.ppc64le.rpm
firefox-x11-0:115.10.0-1.el9_3.s390x.rpm
firefox-x11-0:115.10.0-1.el9_3.x86_64.rpm
References
No References
CVEs
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2609
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3864
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=2275547
https://bugzilla.redhat.com/show_bug.cgi?id=2275549
https://bugzilla.redhat.com/show_bug.cgi?id=2275550
https://bugzilla.redhat.com/show_bug.cgi?id=2275551
https://bugzilla.redhat.com/show_bug.cgi?id=2275552
https://bugzilla.redhat.com/show_bug.cgi?id=2275553
https://bugzilla.redhat.com/show_bug.cgi?id=2275555