Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE: 2024:1002-1 Critical MozillaFirefox Update and Security Issues

suse
Calendar Grey March 27, 2024
Dist Suse Esm H88
Critical security enhancement released for Mozilla Firefox addressing multiple weaknesses, including patch instructions specifically for openSUSE users.
* bsc#1220048 * bsc#1221327 * bsc#1221850 Cross-References:

Summary

## This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 115.9.1esr ESR MFSA 2024-16 (bsc#1221850). * CVE-2024-29944: Privileged JavaScript Execution via Event Handlers (bmo#1886852). Firefox Extended Support Release 115.9.0 ESR (bsc#1221327): * CVE-2024-0743: Crash in NSS TLS method (bmo#1867408). * CVE-2024-2605: Windows Error Reporter could be used as a Sandbox escape vector (bmo#1872920). * CVE-2024-2607: JIT code failed to save return registers on Armv7-A (bmo#1879939). * CVE-2024-2608: Integer overflow could have led to out of bounds write (bmo#1880692). * CVE-2024-2616: Improve handling of out-of-memory conditions in ICU (bmo#1846197). * CVE-2023-5388: NSS susceptible to timing attack against RSA decryption (bmo#1780432).

Topics%20covered

Topics Covered

security advisory critical software patch security enhancement application update SUSE MozillaFirefox

References

* bsc#1220048

* bsc#1221327

* bsc#1221850

Cross-

* CVE-2023-5388

* CVE-2024-0743

* CVE-2024-1546

* CVE-2024-1547

* CVE-2024-1548

* CVE-2024-1549

* CVE-2024-1550

* CVE-2024-1551

* CVE-2024-1552

* CVE-2024-1553

* CVE-2024-2605

* CVE-2024-2607

* CVE-2024-2608

* CVE-2024-2610

* CVE-2024-2611

* CVE-2024-2612

* CVE-2024-2614

* CVE-2024-2616

* CVE-2024-29944

CVSS scores:

* CVE-2023-5388 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-0743 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-0743 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-2605 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-2607 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:1002-1
Rating: critical

Topics%20covered

Topics Covered

security advisory critical software patch security enhancement application update SUSE MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here