Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

SUSE: 2024:3614-1 critical: MozillaFirefox Security Advisory Updates

suse
Calendar Grey October 14, 2024
Dist Suse Esm H88
SUSE has rolled out a critical security update for MozillaFirefox addressing multiple vulnerabilities. Update immediately.
* bsc#1230979 * bsc#1231413 Cross-References: * CVE-2024-8900

Summary

## This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.1 ESR MFSA 2024-51 (bsc#1231413) * CVE-2024-9680: Use-after-free in Animation timeline (bmo#1923344) Also includes the following CVEs from MFSA 2024-47 (bsc#1230979) * CVE-2024-9392: Compromised content process can bypass site isolation (bmo#1899154, bmo#1905843) * CVE-2024-9393: Cross-origin access to PDF contents through multipart responses (bmo#1918301) * CVE-2024-9394: Cross-origin access to JSON contents through multipart responses (bmo#1918874) * CVE-2024-8900: Clipboard write permission bypass (bmo#1872841) * CVE-2024-9396: Potential memory corruption may occur when cloning certain objects (bmo#1912471)

Topics%20covered

Topics Covered

No topics assigned

References

* bsc#1230979

* bsc#1231413

Cross-

* CVE-2024-8900

* CVE-2024-9392

* CVE-2024-9393

* CVE-2024-9394

* CVE-2024-9396

* CVE-2024-9397

* CVE-2024-9398

* CVE-2024-9399

* CVE-2024-9400

* CVE-2024-9401

* CVE-2024-9402

* CVE-2024-9680

CVSS scores:

* CVE-2024-8900 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

* CVE-2024-9392 ( SUSE ): 7.7

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2024-9392 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2024-9392 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-9393 ( SUSE ): 2.3

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-9393 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3614-1
Release Date: 2024-10-14T10:01:38Z
Rating: critical

Topics%20covered

Topics Covered

No topics assigned

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here