Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2024:3899-1 important: MozillaFirefox Memory Safety Issues

suse
Calendar Grey November 4, 2024
Dist Suse Esm H88
Security notice for MozillaFirefox: SUSE updates target essential vulnerabilities and urgent patches. Keep up to date!
* bsc#1231879 Cross-References: * CVE-2024-10458 * CVE-2024-10459

Summary

## This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 128.4.0 ESR (bsc#1231879): * CVE-2024-10458: Permission leak via embed or object elements * CVE-2024-10459: Use-after-free in layout with accessibility * CVE-2024-10460: Confusing display of origin for external protocol handler prompt * CVE-2024-10461: XSS due to Content-Disposition being ignored in multipart/x-mixed-replace response * CVE-2024-10462: Origin of permission prompt could be spoofed by long URL * CVE-2024-10463: Cross origin video frame leak * CVE-2024-10464: History interface could have been used to cause a Denial of Service condition in the browser * CVE-2024-10465: Clipboard "paste" button persisted across tabs * CVE-2024-10466: DOM push subscription message could hang Firefox

Topics%20covered

Topics Covered

security advisory update important Denial of Service memory safety SUSE Linux Enterprise MozillaFirefox

References

* bsc#1231879

Cross-

* CVE-2024-10458

* CVE-2024-10459

* CVE-2024-10460

* CVE-2024-10461

* CVE-2024-10462

* CVE-2024-10463

* CVE-2024-10464

* CVE-2024-10465

* CVE-2024-10466

* CVE-2024-10467

CVSS scores:

* CVE-2024-10458 ( SUSE ): 8.6

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

* CVE-2024-10458 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

* CVE-2024-10458 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-10458 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2024-10459 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2024-10459 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-10459 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:3899-1
Release Date: 2024-11-04T11:16:01Z
Rating: important

Topics%20covered

Topics Covered

security advisory update important Denial of Service memory safety SUSE Linux Enterprise MozillaFirefox

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here