SUSE: 2024:2876-1 Important: MozillaFirefox Security Threats Fixed
suse
August 12, 2024
* bsc#1226316 * bsc#1228648 Cross-References: * CVE-2024-6600
Summary
## This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.1.0 ESR (MFSA 2024-35, bsc#1228648) * CVE-2024-7518: Fullscreen notification dialog can be obscured by document * CVE-2024-7519: Out of bounds memory access in graphics shared memory handling * CVE-2024-7520: Type confusion in WebAssembly * CVE-2024-7521: Incomplete WebAssembly exception handing * CVE-2024-7522: Out of bounds read in editor component * CVE-2024-7524: CSP strict-dynamic bypass using web-compatibility shims * CVE-2024-7525: Missing permission check when creating a StreamFilter * CVE-2024-7526: Uninitialized memory used by WebGL * CVE-2024-7527: Use-after-free in JavaScript garbage collection * CVE-2024-7528: Use-after-free in IndexedDB
References
* bsc#1226316
* bsc#1228648
Cross-
* CVE-2024-6600
* CVE-2024-6601
* CVE-2024-6602
* CVE-2024-6603
* CVE-2024-6604
* CVE-2024-6605
* CVE-2024-6606
* CVE-2024-6607
* CVE-2024-6608
* CVE-2024-6609
* CVE-2024-6610
* CVE-2024-6611
* CVE-2024-6612
* CVE-2024-6613
* CVE-2024-6614
* CVE-2024-6615
* CVE-2024-7518
* CVE-2024-7519
* CVE-2024-7520
* CVE-2024-7521
* CVE-2024-7522
* CVE-2024-7524
* CVE-2024-7525
* CVE-2024-7526
* CVE-2024-7527
* CVE-2024-7528
* CVE-2024-7529
* CVE-2024-7531
CVSS scores:
* CVE-2024-6600 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-6601 ( SUSE ): 4.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-6602 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!